Health Information Management

Privacy and security primer: Tips from this month’s issue of Briefings on HIPAA

HIM-HIPAA Insider, July 28, 2014

Want to receive articles like this one in your inbox? Subscribe to HIM-HIPAA Insider!


  1. Shared data means shared responsibility. If you share PHI with another covered entity (CE) or a business associate (BA), contribute positively to safeguarding that data.
  2. Implement processes for assessing and monitoring devices that store or transmit ePHI and ensure that your organization complies with them.
  3. Use OCR resolution agreements as case studies for compliance.
  4. Don't look at OCR resolution agreements narrowly. Consider the big picture and read through the document carefully because it may trigger a new idea.
  5. Before entering into an arrangement with a CE or BA, you must determine whether it is compliant. This is your due diligence.
  6. Auditing a CE or BA before partnering is not necessary, but due diligence requires you to review its administrative and technical safeguards, breach notification policies, and other business arrangements.
  7. A simple questionnaire can often help with due diligence by identifying red flags, and it can be used to show OCR that you investigated the organization before entering the partnership.
  8. Failure to perform a regular risk analysis constitutes willful neglect, so it is important to perform one on a regular schedule.
  9. Servers often ship with default passwords; a simple way to secure a new server is to change that password immediately.
  10. Ensure that workforce members have a secure connection to the server when working off-site by instructing them to connect via a virtual private network.
Continue reading "Privacy and security primer: Tips from this month's issue of Briefings on HIPAA" on the HCPro website. Subscribers to Briefings on HIPAA have free access to this article in the July issue.


