• E-mail
• Print
• RSS

TIP: Avoid vague education on communication devices, Web sites

HIPAA Weekly Advisor, November 16, 2009

Want to receive articles like this one in your inbox? Subscribe to HIPAA Weekly Advisor!

Covered entities and business associates can protect themselves against the dangers of unsecured social networking Web sites and communication practices by taking a hard stance against them, experts advise.

You can protect your organization by investing in communication devices such as BlackBerry® smartphones and banning sites such as Facebook and Twitter from hospital computers, says Chris Apgar, CISSP, president of Apgar & Associates, LLC, in Portland, OR.

Education is essential, and it must be specific—it’s no good if it’s vague, he says.

Use these four models together to educate employees and protect your facility:

• New employee training (i.e., orientation)
• Annual refresher training
• Security reminders (e.g., weekly helpful e-mails, information in the hospital newsletter, messages that flash on staff member computer monitors)
• Communication policy: During annual staff member performance reviews, require staff members to acknowledge in writing that they have read and understood the policy

Teach clinical staff members to adopt the habit of texting messages that express urgency without including PHI. For example, write “Call me” or “I have an important message and I’m going to leave you a voicemail.” Then, if you lose information, you’re not losing anything that’s personally identifiable.

Editor’s note: This is an excerpt from an article in the November edition of the HCPro, Inc. newsletter, Briefings on HIPAA.

Want to receive articles like this one in your inbox? Subscribe to HIPAA Weekly Advisor!

• E-mail to a Colleague
• Print
• RSS
• Archive