Health Information Management

Protect PHI when staff members leave

HIM-HIPAA Insider, June 15, 2010

Want to receive articles like this one in your inbox? Subscribe to HIM-HIPAA Insider!

Establish a procedure to protect PHI when clinical staff members leave your organization. This is basic security, but not addressing this potential risk can create a major problem. “It is imperative for hospitals to establish ownership of data when a clinical staff member who has access to PHI is no longer affiliated with the organization,” says Jaspinder Grewal, management consultant for healthcare IT and project lead for application services at a Chicago-area hospital.

Healthcare organizations should consider forming “no use of information and data agreements” with staff members. Such an agreement would prevent staff members from using any data acquired because of their role in the organization after they leave it, says Grewal.
 
Facilities that don’t already do this should establish a process. Whether someone resigns, gives notice, or is terminated, be sure to notify your information services department beforehand. This enables IT staff to proactively prohibit access to PHI as soon as these staff members are no longer with the organization, says Grewal.
 
Editor’s note: This tip was excerpted from the June issue of Briefings on HIPAA.
 



Want to receive articles like this one in your inbox? Subscribe to HIM-HIPAA Insider!

Most Popular