Protecting privacy in a digital world

December 07, 2011
Keeping things secure isn't so easy anymore
From the November 2011 issue of HealthCare Business News magazine

By Dr. Tom Darr

This article originally appeared in the November 2011 issue of DOTmed Business News

Currently, more than two-thirds of doctors have smart phones, the use of tablet PCs is growing, and billions of dollars are now being invested in health IT systems, including electronic health records. While the growing use of health IT promises productivity gains and greater coordination of health care to patients, the ability to more easily share health information carries some risks.

The Health Insurance Portability and Accountability Act (HIPAA) regulates the use of Protected Health Information (PHI) and details security and privacy standards and rules ensuring patients have access to their data. Following some simple steps will help physicians protect the health information used in their practices.

HIPAA requires that reasonable steps be followed to secure the integrity and confidentiality of PHI. This means it is important to understand where your patient information is stored, who has access to it and how it moves around your organization, regardless of whether it is on paper or in electronic form. The following is an essential checklist of actions you can take to secure patient data:

*Use strong passwords to protect computers and electronic devices. A strong password is at least eight characters long, does not contain a complete word, is significantly different from prior passwords and contains a combination of upper case and lower case letters, numbers and symbols.
*Install encryption software on all laptops and desktops that contain PHI. This is important, as a theft or accidental loss of secure, properly encrypted information is not considered a “breach” under HIPAA.
*Install antivirus and malware detection software on all computers.
*Implement password protection on databases containing PHI.
*Physically secure (e.g., with locking cables) all hardware that stores PHI.
*Remove all PHI from electronic computing and communication devices before disposal or reuse.
*Always log off when leaving your computer. As an additional safeguard, set your computer to automatically password protect access after 10 minutes of non-use.
*In public areas, arrange workstations so that others cannot view information on the screen.

If your practice does not currently use an electronic health record (EHR) system, the chances are that it soon will. The combination of federal incentives and benefits such as real-time access to legible patient data, improved continuity and quality of care, increased productivity, and greater patient and staff satisfaction makes an overwhelming case for adopting an EHR.
