Health Information Management

The impact of PHI mapping on risk management

HIM-HIPAA Insider, June 2, 2014

Want to receive articles like this one in your inbox? Subscribe to HIM-HIPAA Insider!

It's time for your organization to begin its risk assessment—do you know where your PHI is?

Often, privacy and security officers are so focused on complying with HIPAA requirements that they lose sight of other factors that are integral to protecting data. Before you can dive deep into privacy and security, you must go back to basics.
The first step in securing data is to use PHI mapping to become more aware of where the PHI in your organization lives. PHI mapping is the practice of understanding the life cycle of an organization's PHI by tracking it through various methods and ensuring that it is secure. "If you don't know where your data is, you can't protect it," says Phyllis A. Patrick, MBA, FACHE, CHC, founder of Phyllis A. Patrick & Associates, LLC, in Purchase, New York.
It's also about knowing where your data is located so you can examine the appropriateness of technical and physical safeguards, says Chris Apgar, CISSP, president of Apgar & Associates, LLC, in Portland, Oregon.
"Not knowing where your data is is a significant risk, and people will be surprised when they find out that they have patient information in places they never dreamed they did," Apgar says.
Continue reading "The impact of PHI mapping on risk management" on the HCPro website. Subscribers to Briefings on HIPAA have free access to this article in the June issue.

Want to receive articles like this one in your inbox? Subscribe to HIM-HIPAA Insider!

    Briefings on APCs
  • Briefings on APCs

    Worried about the complexities of the new rules under OPPS and APCs? Briefings on APCs helps you understand the new rules...

  • HIM Briefings

    Guiding Health Information Management professionals through the continuously changing field of medical records and toward a...

  • Briefings on Coding Compliance Strategies

    Submitting improper Medicare documentation can lead to denial of fees, payback, fines, and increased diligence from payers...

  • Briefings on HIPAA

    How can you minimize the impact of HIPAA? Subscribe to Briefings on HIPAA, your health information management resource for...

  • APCs Insider

    This HTML-based e-mail newsletter provides weekly tips and advice on the new ambulatory payment classifications regulations...

Most Popular