It has become commonplace to turn on the news and hear about a data breach at a big-name company. Unfortunately, some breaches occur because of simple errors. An unsecured password, a file scanned into the wrong chart, a mix-up of birthdays: any of these can lead to a breach.
Healthcare employees are rockstars and have so many job functions to perform. So how can we help them? First, we provide a list of simple steps to take internally to reduce the risks of a breach AND offer a free service to take the release of information function off of their plates.
Read on for tips on how to be PROACTIVE rather than REACTIVE when it comes to breaches.
- Secure all physical locations: All entryways and windows to your facility must always be locked, as these are the first barriers in PHI protection.
- Protect all electronic devices: Computers, laptops, and mobile devices containing PHI should be password protected and always stored in secure locations when not in use. When possible, utilize multi-factor authentication to ensure a device cannot be accessed by unauthorized users.
- Utilize a strong password policy: Passwords protecting PHI should contain a random combination of symbols & alphanumeric characters that could not be easily guessed.
- Limit access to PHI: Accessing specific records should only be done when absolutely necessary and should be limited to authorized personnel. Employees should also be aware of what is considered PHI and only release the specific information that is requested. PHI should not be accessed unless authorized.
- Double & triple checking information: The patient's name, date of birth, Social Security number, dates of service requested, and the sending/receiving locations should always be checked several times before releasing the information.
- Internal & business associate auditing: Routine checks by the company's compliance officer are a must in order to ensure that all employees are following policies correctly. Furthermore, always make certain that all contracts with BAs are up to date.
- Destroy PHI properly: PHI includes both paper and electronic records. Protocols should be set in place to ensure paper records are shredded/destroyed and electronic information is deleted using proper HIPAA guidelines.
- COMPLIANCE, COMPLIANCE, COMPLIANCE: While all policies are important, they mean nothing if employees are not properly trained to follow them. Make sure you and your fellow employees always understand and are dedicated to following HIPAA guidelines to keep PHI safe at your facility.
Research shows that breaches end up costing a facility significantly more in fines than in basic preventive costs. Implementing simple safeguards at your facility can make all the difference in protecting PHI.
The best safeguard you could implement? Partnering with MediCopy as your release of information vendor! MediCopy takes the appropriate steps to ensure every medical record we process is compliant and secure! All employees receive initial and continuing compliance education. Let our experts take the release of medical information off of your plate. As an added bonus, our CarePortal is hosted on a secure HIPAA-compliant platform and acts as an accounting of disclosure log on each and every request for medical records. To learn more about MediCopy and our commitment to keeping your records secure, please reach out here.