Sanction Policy Both the HIPAA Security Rule and the HIPAA Privacy Rule require Covered Entities and Business Associates to document the disciplinary policy and apply sanctions against members of the workforce who violate the respective regulations.   Sanctions may be applied if you: Access PHI that is not necessary for your job [...]

HHS Guidance on Sharing Mental Health Information of a patient The HHS Office for Civil Rights published guidance that addresses some of the more frequently asked questions about when it is appropriate under the HIPAA Privacy Rule for a health care provider to share the protected health information of a [...]

Protect Yourself from Data Security Breaches By monitoring your accounts regularly, you can respond quickly if hackers attempt to use your information.   Security Tips: Pay attention to “last logged in” info. Sign up for electronic alerts. Consider a credit monitoring service. Freeze your credit. Change your passwords regularly. Think [...]

Secure Paper Protected Health Information (PHI) too! Sensitive information on paper is the same as sensitive information on a computer. Both need to be protected from unauthorized access and should be treated with caution and discretion. In particular, protected health information (PHI) in all forms (e.g., verbal, fax, paper, electronic) [...]

Information Security Reminder Spring is upon us. And while most of us look forward to enjoying the time, scammers and hackers are hard at work trying to foil that enjoyment. Here are a few reminders to help you foil the attackers: • Ensure that your home computer systems are protected with [...]

Information Systems are a Privilege Your access to information “assets” such as hardware, software, storage media, etc. is a privilege. Use of company-owned software and hardware is for legitimate, job-related activity only. Protect this privilege! Guard your authentication credentials – username, password, ID badge, key fob, etc. Do not share your [...]

Clean Desk Policy Keep the minimum amount of paper PHI on your desk – only the documents you are working on at the moment. Why? A clean desk produces a positive image – you are organized and respect patients’ privacy. Sensitive documents left in the open can be stolen by [...]

Protecting a Patient’s Privacy Well-known individuals or celebrities have the same rights to privacy as anyone else. Privacy violations involving celebrities are further complicated due to the higher exposure that may follow these types of patients. Remember: Do not access a patient record unless it is necessary in order to [...]

Social Networking Safety Social engineering is quickly becoming the most common way the “bad guys” are breaking into systems. Our systems are good at keeping the bad guys out. But it’s much harder to keep them out once you’ve let them in by visiting infected websites, clicking on links or [...]

Secure PHI in Patient or Customer Care Areas Do not discuss PHI or customer details in common places such as cafeterias, elevators, parking lots, or outside the facility. Do not leave hard copy files unattended, for example on top of the desk. Review your company Clean Desk Policy. If you [...]