Health Information Management

Tip: Consider security of electronic releases of information

HIM-HIPAA Insider, August 3, 2010

Want to receive articles like this one in your inbox? Subscribe to HIM-HIPAA Insider!

Harry B. Rhodes, MBA, RHIA, CHPS, CPHIMS, FAHIMA, director of practice leadership at AHIMA in Chicago suggests it is best practice for facilities to encrypt electronic copies of records provided to patients. “Many [providers] are looking to use a certificate authority and PKI public key/private key encryption,” Rhodes says, noting that these will mean additional costs.

Some facilities choose to password-protect the information, which is also a good idea, says Jean S. Clark, RHIA, CSHA, service line director for HIM at Roper Saint Francis Hospital in Charleston, SC. Doing so can be a reasonable choice when it comes to protecting information stored on portable media, such as a CD-ROM, as opposed to information sent via e-mail, which may be better secured through encryption, for example.
At the very least, most HIM departments will need to update their existing policies for paper ROI to address the new considerations for electronic releases. Policies should include information on whether a facility will use encryption and password protection. Although those safeguards may be advisable, they are not required.
Facilities need to outline how they will handle the release of electronic protected health information and keep patient information secure. For example, providers must decide whether to encrypt information when HIM staff will be handing the information directly to the patient requesting his or her medical record.
Editor’s note: For more tips, view the full article on the HCPro website. Medical Records Briefing subscribers have access to the article in the August issue of the newsletter.

Want to receive articles like this one in your inbox? Subscribe to HIM-HIPAA Insider!

Most Popular