• E-mail
• Print
• RSS

TIP: Establish proper policies for laptop protection

HIPAA Weekly Advisor, June 14, 2010

Want to receive articles like this one in your inbox? Subscribe to HIPAA Weekly Advisor!

Editor’s note: This is the first in a series of tips in HIPAA Weekly Advisor on laptop security. The excerpts are courtesy of the HCPro, Inc. newsletter, Briefings on HIPAA.

Protecting laptops and other portable devices should be a priority for healthcare organizations because they introduce the highest level of risk to an organization, says Ali Pabrai, CISSP, CSCS, CEO of ecfirst, Inc., and CEO and cofounder of HIPAA Academy in Newport Beach, CA.

“Patient information is not just leaking out; it’s walking out of organizations,” says Pabrai.

Establish proper policies to beef up your laptop security program. “In security, everything starts with a policy,” says Pabrai. Policies established to protect laptop computers must address both encryption and authentication.

Your information security management program should include a full suite of policies and procedures that address the standards and implementation specifications set forth in the HIPAA Security Rule, says Phyllis A. Patrick, MBA, FACHE, CHC, cofounder and managing director of AP Health Care Compliance Group, which has offices in Pittsburgh and Purchase, NY.

These must include administrative, physical, and technical safeguards, along with documentation requirements.

Consider the use of laptop computers and other mobile devices in all of these policies, she says. For example, your policies and procedures should address the following topics:

• Acceptable use of laptop computers
• Protection of laptop computers and portable devices
• Remote access
• Access controls
• Audit controls
• Working with sensitive data off-site
• Encryption
• Workstation use
• Workstation security

Want to receive articles like this one in your inbox? Subscribe to HIPAA Weekly Advisor!

• E-mail to a Colleague
• Print
• RSS
• Archive