Q&A: You've got questions! We've got answers!
Physician Practice Insider, September 20, 2016
Submit your questions to Associate Editor Nicole Votta at nvotta@hcpro.com and we will work with our experts to provide you with the information you need.
Q: I work for a facility that uses password-protected laptops that are connected to a server. No PHI is stored on the laptops, and we are not allowed to remove them from the facility. Do the laptop hard drives need to be encrypted?
A: If the laptop hard drives are not used to store PHI and there are mechanisms in place to prevent PHI from being stored on the laptops, encryption is not a requirement. Staff can't simply be forbidden from storing PHI on the laptops; there must be security measures in place that prevent staff from downloading PHI to store on the hard drive, inserting a USB drive that may store PHI and transferring it to the hard drive, or copying PHI from, for example, an EHR and storing the PHI on the hard drive. It's a good idea to keep in mind that if other sensitive information such as employee files or company intellectual property is stored on the hard drives, it is a good idea to encrypt the hard drives to protect the organization. Also, removing the laptops from facilities may be prohibited, but that won't stop a thief from stealing the laptops. If there's a possibility that PHI or other sensitive data may be stored on the hard drives of the laptops, it's wise to encrypt the laptops.
Editor’s note: Chris Apgar, CISSP, president of Apgar and Associates, LLC, answered this question for Briefings on HIPAA. This information does not constitute legal advice. Email your questions to Associate Editor Nicole Votta at nvotta@hcpro.com.
Related Products
Most Popular
- Articles
-
- Math can be tricky: TJC corrects ABHR storage requirement
- Air control equals infection control
- Don't forget the three checks in medication administration
- Note similarities and differences between HCPCS, CPT® codes
- Five ways to safeguard your patients' valuables
- The consequences of an incomplete medical record
- Q&A: Primary, principal, and secondary diagnoses
- OB services: Coding inside and outside of the package
- Skills of effective case managers
- Practice the six rights of medication administration
- E-mailed
-
- Air control equals infection control
- OSHA HazCom updates include labeling, SDS requirements
- Plan of Care Supports Documentation of Homebound Status
- Note similarities and differences between HCPCS, CPT® codes
- Note from the instructor: CMS clarifies billing guidelines on proper billing for drugs in a single-dose or single-use vial, including billing for discarded drugs
- Neurological checks for head injuries
- Modifiers and medical necessity
- Follow these tips to properly report bladder catheter codes
- Five ways to safeguard your patients' valuables
- Differentiate between types of wound debridement
- Searched