Corporate Compliance

Tip: Safeguarding data from unauthorized individuals

Compliance Monitor, July 13, 2011

Hospitals are open facilities, but they should have areas that are inaccessible to the public.

"Physical security in a hospital is impossible," says Raj Chaudhary, MS, PE, CGEIT partner and leader of the security and privacy practice at Crowe Horwath, LLP, in Chicago.

Even though staff members are trained otherwise, they may leave doors open that should normally remain locked, allowing unauthorized people access to restricted areas. Additionally, data is often stored in unsecured locations, such as unlocked file cabinets that contain patient records.

Conduct a walk-through, both during and ­after business hours, to help identify weaknesses through which unauthorized people can gain access to both ePHI and paper documents.

This tip was adapted from the August 2011 issue of Strategies for Health Care Compliance. More information about Strategies for Health Care Compliance is available at the HCMarketplace.

Most Popular