![]() Remote Desktops and Virtual Computers – The technology and speed behind resources such as Microsoft Remote Desktop, Citrix, and VMWare makes the storage of real data (PHI) on computers obsolete and frankly unnecessarily risky. There are a variety of providers out there based upon your needs research and find the right one for you.ġ0. Regular text is often stored on cell phone company servers for years and is rarely encrypted. Encrypted Chat and Messaging – If you use text messages to communicate to clients or to other providers about clients, it needs to be secure and encrypted. These assessments are a vital part of any HIPAA compliance effort and should be done annually.ĩ. They are usually inexpensive, take a couple weeks, and will reveal a wealth of data and information about your network, devices, sysadmin health, patches, users, data flow, etc. Network Assessments – If you have never had a network assessment, find a local provider and get one performed. Automatic Logoff – Every single computer in your company should be set to automatically logoff after a short period of inactivity and computers in high non-employee traffic areas should require access cards, key fobs, or other devices that require physical token to log in.Ĩ. ![]() The bottom line is that you should never have a computer with PHI in an unencrypted state.ħ. If you use a PC, there are a wealth of encryption programs out there. Data Encryption – If you use an Apple, activate FileVault. Services like this allow you to consolidate your HIPAA efforts into a single online portal, provide training, and produce easy reports for those pesky OCR auditors.Ħ. Online HIPAA Management – HIPAA compliance programs are tough to manage, keep up-to-date, and track use a service like HIPAA Trek. Part of their problem was a failure to conduct a security risk assessment on the their digital document storage and handling.ĥ. In one of its most recent settlements, a company called SEMC got into big trouble for using an unencrypted and unsecured cloud site to store and exchange documents. Secure Cloud Storage – If you use Dropbox or a service like it, you need to either encrypt the files before uploading them or use a service like Sookasa that will automate your encryption. Services like Zixcorp make encryption easy to use and implement.Ĥ. ![]() Encryption services are cheap and provide a secure method for you to send and transmit PHI. E-mail Encryption – If you are not encrypting e-mails that contain PHI, you should. This tool is easy to use and gives you the ability to do company-wide analyses or narrow ones, such as changes in your IT infrastructure or a new product rollout.ģ. The Department of Health and Human Services released a free Security Risk Analysis Tool that dramatically simplifies this requirement. ![]() Security Risk Analysis Toolkit – HIPAA requires all covered entities to perform ongoing security risk analyses as part of their statutory compliance efforts. Use these tools to require passwords, automatic lockouts, and even remote wipes of company data from lost devices.Ģ. Mobile Device Management – The vast majority of e-mail providers and even some routers give you tools to control the mobile devices your employees use to access email. To that end, here are 10 technology tips that small medical practices-and larger ones too-should be implementing.ġ. Fortunately, technology gives us a helping hand with many of these hurdles and simple, often inexpensive solutions can dramatically improve your compliance efforts and help you avoid HIPAA violations. Now that more states are expanding the definition of a covered entity and/or business associate, it’s time to get serious about locking down your HIPAA data and looking for new ways to increase the security of your environment. HIPAA presents an amazing amount of challenges and problems for any entity falling under its umbrella.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |