Q&A: PHI on employees' home computers
HIPAA Weekly Advisor, August 17, 2009
Want to receive articles like this one in your inbox? Subscribe to HIPAA Weekly Advisor!
Q. What do hospitals do with patient information stored on home computers employees use to dial in remotely? Do hospitals prohibit or prevent employees from storing information on nonhospital computers? If so, how? If not, how do hospitals ensure that patient information is deleted from employees’ personal devices and home computers?
A. Many healthcare organizations do not allow patient information to be downloaded or stored on employees’ home computers. Employees usually are allowed to access the network remotely using a VPN, and their work is done on the network. Those who need to access patient information, such as when physicians review test results, have read-only access and cannot download or print the information.
Allowing patient information to be downloaded and stored on an employee’s home computer or a PDA is risky, even if the device is password protected. Hospitals that must allow this practice should require users to permit the IT staff to inspect the employees’ devices to ensure that appropriate protections, including up-to-date virus software, are installed.
Editor’s note: Mary D. Brandt, MBA, RHIA, CHE, CHPS, answered this question. This is not legal advice. Consult your attorney regarding legal matters.
Want to receive articles like this one in your inbox? Subscribe to HIPAA Weekly Advisor!
Related Products
Most Popular
- Articles
-
- Q/A: Volume requirement for reporting hydration services
- Featured blog post: Nurses face felony charges after reporting physician to the Texas Medical Board
- Catch up on what's new with injections and infusions
- Topic: CMS, OESS post new security compliance review information, checklist
- HIPAA Q&A: Level of encryption needed for email
- Capturing all necessary codes for IUD insertion and removal can be challenging
- Identify potential Medicaid RAC target areas
- What does case-mix index mean to you?
- QA:Coding multiple initial infusions
- OB services: Coding inside and outside of the package
- E-mailed
-
- Q/A: Volume requirement for reporting hydration services
- Featured blog post: Nurses face felony charges after reporting physician to the Texas Medical Board
- HIPAA Q&A: Level of encryption needed for email
- Q&A: Follow CMS' coding guidelines when using modifier -25
- Catch up on what's new with injections and infusions
- CMS has reformulated payments for some bilateral procedures
- New conflicts of interest create new challenges
- Q/A. One injection code or two?
- What does case-mix index mean to you?
- CHANGES COMING: Key differences in nationwide rollout
- Searched