How can HIPAA violations be avoided




















Your next defense with mobile devices is enabling encryption, firewalls and secure user authentication on every device. There are also technologies, available as apps and software programs, that can remotely lock or wipe a device (i.e. reset it to factory defaults, erasing all apps and data). This is your backup plan if a work device is lost or stolen. Again, stress to employees handling these devices the importance of maintaining possession of them, keeping encryption and firewalls up to date, and keeping user authentication hard to crack.

Accidents do happen, but sometimes employees are just cavalier, so to help your employees and yourself remain HIPAA compliant, enable these security precautions on each mobile device your business has and lends out for employee use.

Handling paper and electronic files is a tricky business. Again, this is a human error problem. Too many of these cases have occurred because employees forgot or chose not to shred paper files before throwing them away.

An employee could be having a bad day or an extremely busy day, or be easily distracted by other employees, which causes them to overlook shredding papers with PHI on them.

The best way to avoid this problem and keep employees from violating HIPAA is switching to an electronic filing system. Even when busy, healthcare employees must never leave documents containing PHI in areas where they can be viewed by unauthorized individuals, picked up by other healthcare workers, or seen by other patients.

You can prevent HIPAA violations by reminding employees who are not taking sufficient care with patient files about the risk of accidental disclosures of PHI. Unfortunately, none of the common messaging services have the necessary controls to prevent accidental disclosures of ePHI to unauthorized individuals.

For example, SMS messages are not encrypted and can easily be intercepted. WhatsApp is encrypted, but lacks appropriate authentication controls. In order for a text messaging service to be used, your employer must have signed a HIPAA-compliant business associate agreement with the service provider. If you need to send ePHI, only do so through approved channels such as a secure, healthcare text messaging platform.

While most healthcare organizations have now transitioned to electronic health records, documents are still widely used. Any document containing the PHI of a patient must be kept secure at all times and disposed of securely when no longer required. Your employer should have strict rules covering the disposal of PHI which prohibit the disposal of documents with regular trash. You must be extremely careful to ensure that any paper copies of PHI are disposed of securely.

The accessing of patient health records by employees, without any legitimate reason for doing so, is a serious violation of HIPAA Rules and patient privacy.

While the majority of healthcare employees respect the privacy of patients, there have been numerous cases over the years of employees snooping on the records of patients. Healthcare employees are only permitted to view patient records if they are required to do so for treatment, payment and healthcare operations.

For treatment purposes, employees are only permitted to view the records of their own patients. Access logs must be regularly reviewed. Depending on the system in place, a flag could be immediately raised or it may take until the next audit for the privacy violation to be discovered, but improper accessing of PHI will be identified. If medical records are accessed without authorization, it is likely to result in termination, and potentially criminal penalties against the individual concerned.

Such actions are also likely to make it difficult to obtain future employment at other healthcare organizations.
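The access-log review described above, sketched as an added example that is not part of the original article: it flags accesses whose stated purpose falls outside treatment, payment and operations, and treatment accesses by employees who are not on the patient's care team. The log line format, the `CARE_TEAM` mapping and every user and patient name are constructed assumptions.

```python
from datetime import datetime

# Purposes the article lists as permitted reasons to view a record.
PERMITTED_PURPOSES = {"treatment", "payment", "operations"}

# Constructed sample data: which employees are on which patient's care team.
CARE_TEAM = {
    "pt-1001": {"nurse.adams", "dr.baker"},
    "pt-1002": {"dr.baker"},
}

# Constructed access-log lines: timestamp, employee, patient, stated purpose.
ACCESS_LOG = """\
2024-03-04T09:12:00 nurse.adams pt-1001 treatment
2024-03-04T09:40:00 nurse.adams pt-1002 treatment
2024-03-04T10:05:00 billing.cole pt-1002 payment
2024-03-04T23:51:00 dr.baker pt-1003 treatment
2024-03-05T08:30:00 clerk.diaz pt-1001 curiosity
malformed line
"""

def review_access_log(log_text, care_team):
    """Return (findings, unparsed); a finding is (timestamp, user, patient, reason)."""
    findings, unparsed = [], []
    for line in log_text.splitlines():
        try:
            ts_raw, user, patient, purpose = line.split()
            ts = datetime.fromisoformat(ts_raw)
        except ValueError:
            unparsed.append(line)  # never silently drop audit records
            continue
        if purpose not in PERMITTED_PURPOSES:
            findings.append((ts, user, patient, "purpose not permitted: " + purpose))
        elif purpose == "treatment" and user not in care_team.get(patient, set()):
            # Treatment access is limited to the employee's own patients.
            findings.append((ts, user, patient, "treatment access outside care team"))
    return findings, unparsed

if __name__ == "__main__":
    findings, unparsed = review_access_log(ACCESS_LOG, CARE_TEAM)
    for ts, user, patient, reason in findings:
        print(f"{ts.isoformat()} {user} -> {patient}: {reason}")
    print(f"{len(unparsed)} line(s) could not be parsed and need manual review")
```

Lines that fail to parse are returned separately so a reviewer sees them instead of losing them from the audit.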
