Health Information Management

Tips to ensure secure PHI

HIM-HIPAA Insider, December 1, 2009

Want to receive articles like this one in your inbox? Subscribe to HIM-HIPAA Insider!

HIM directors play a key role in collaborating with IT staff members to ensure that acceptable encryption methods are used. Consider the following tips to help ensure compliance with HHS’ guidance:
  • Understand various methods of encryption. “I think the problem with understanding encryption is that there are so many ways in which [it] can be done,” says Rebecca Herold, CISSP, CIPP, CISM, CISA, FLMI, privacy, security, and compliance consultant at Rebecca Herold & Associates, LLC, in Des Moines, IA. “CEs don’t understand that they need more than one type.”
  • Be wary of faxing PHI. Most fax machines now store fax receipts as electronic images, says Herold. Because faxes often pass through networks and their storage on fax servers is increasing, they are vulnerable to unauthorized access, she explains.
  • Require remote employees to sign a confidentiality statement. This statement should reiterate employees’ understanding that PHI is at greater risk of breach when they work with it off-site, says Kate Borten, CISSP, CISM, president of The Marblehead Group in Marblehead, MA. The confidentiality statement should require employees to comply with facility rules and regulations, shred confidential information, and log off their computers when they’re not using them, she says.
Editor’s note: For more tips, view the December 2009 issue of Medical Records Briefing.


