Use social media cautiously: Tips to help prevent PHI breaches
HIM Connection, August 9, 2011
Want to receive articles like this one in your inbox? Subscribe to HIM Connection!
Healthcare organizations can protect themselves from PHI breaches associated with the use of social media. Chris Apgar, CISSP, president of Apgar & Associates, LLC, in Portland, OR, offers the following recommendations:
- Establish and document a formal policy governing use of social media. Use results of periodic and annual audits to update your policy regularly.
- Educate all staff members regarding your social media policy and its enforcement.
- Conduct a risk analysis to identify threats that your organization faces.
- Evaluate the use of social media for business, clinical, and personal purposes.
- Require the use of company-owned portable devices, if feasible. You have greater control of equipment you own.
- Prohibit and block use of Web mail.
- If your organization uses social networking sites for business and/or clinical purposes, know and document your acceptance of these risks.
- Prohibit after-work use of social media to post PHI or health information that can easily identify a patient. Ensure that your policy specifically explains this prohibition and the disciplinary actions that violators face.
- Ensure that your policy addresses remote access.
- Monitor Internet use and sites visited. Block access as you deem necessary
Want to receive articles like this one in your inbox? Subscribe to HIM Connection!
Related Products
-
The HIPAA and HITECH Toolkit
The HIPAA and HITECH Toolkit is a valuable resource that helps both CEs and BAs understand and meet the HITECH Act's...
-
HIPAA Handbook for Nutrition, Environmental Services, and Volunteer Staff:
Train all of your staff members with this handbook and others in the 2009 HIPAA Handbook Series. Ensure they understand...
-
HIPAA Handbook for Coders, Billers and HIM Staff
Train all of your staff members with this handbook and others in the 2009 HIPAA Handbook Series. Ensure they understand...
-
Guide to HIPAA Auditing, Second Edition
This new edition of a best-selling book delivers the hands-on tools and guidance you need to conduct effective in-house...
-
The No-Hassle Guide to HIPAA Policies: A Privacy and Security Toolkit
HIPAA regulations require extensive documentation—likely more than you've done in the past. Changing the way you look...
Most Popular
- Articles
-
- Q/A: Volume requirement for reporting hydration services
- Featured blog post: Nurses face felony charges after reporting physician to the Texas Medical Board
- Catch up on what's new with injections and infusions
- Topic: CMS, OESS post new security compliance review information, checklist
- Capturing all necessary codes for IUD insertion and removal can be challenging
- What does case-mix index mean to you?
- HIPAA Q&A: Level of encryption needed for email
- QA:Coding multiple initial infusions
- News and briefs: Oklahoma Osteopathic Association against residency bill change
- OB services: Coding inside and outside of the package
- E-mailed
-
- Q/A: Volume requirement for reporting hydration services
- Featured blog post: Nurses face felony charges after reporting physician to the Texas Medical Board
- HIPAA Q&A: Level of encryption needed for email
- CMS has reformulated payments for some bilateral procedures
- Catch up on what's new with injections and infusions
- New conflicts of interest create new challenges
- Q/A. One injection code or two?
- What does case-mix index mean to you?
- Hospitals are not bound by InterQual criteria for determining patient status
- ED-to-inpatient transfers are flawed with safety gaps
- Searched