HIPAA Spoken Here

Helpful tips and straight talk about HIPAA compliance

Cracking the Code of HHS Guidelines for Encryption of PHI

To encrypt or not to encrypt, that is the question. Or to put it another way: To convert readable data into gibberish that must be decoded to become readable again — or not to convert readable data into gibberish that must be decoded to become readable again, that is the question. The Health Insurance Portability and Accountability Act (HIPAA) says, “A covered entity must implement a mechanism to encrypt and decrypt electronic protected health information.” That sounds a lot like the government’s way of saying, “End of discussion.” But actually it’s not that clear cut. HIPAA goes on to state, […]


Beware of the Email Attachments from Hell

If you or someone on your staff opens one of these diabolic — yet seemingly innocent — email attachments, they can infect the office’s computers and make running your practice “hella” difficult until they’re fixed. Email attachments are a common source of viruses and worms. When opened, they can give hackers control of your computer, enabling them to send copies of their message to every email address in your address book. Malware like this can do a lot of damage within your office and beyond — crippling computers, servers, and networks. In this HIPAA Quick Tip, I’ll offer a few […]


The Pluses of a Virtual Private Network for Exchanging PHI Remotely

Let me set a scene where a Virtual Private Network (VPN) would be “just what the doctor ordered.” You’re out of town at a conference of healthcare professionals in your specialty. Before you left home, a colleague asked you to consult on a particular case. She said she would email you the patient’s test results as soon as she got them, along with relevant details from his medical history. “Take a look as soon as you can,” she said, “Then tell me what you think.” You brought your laptop with you. The hotel […]


The Basics of Mobile Device Security for Protected Health Information

The single most common way Protected Health Information (PHI) is compromised is through the loss of devices themselves, whether this happens by accident or by theft. Technology — thumb drives, CDs, smart phones, tablets — has made it possible for large amounts of information to be tucked into our pockets or purses and carried to our cars, homes, favorite coffee shops, or hotel rooms at conferences. Files that used to take up an entire wall can now fit on a 2-inch thumb drive, a mini iPad, a laptop. But with this amazing technological convenience comes increased responsibility. “Covered entities and […]


Basics of a Good Business Associate Agreement for HIPAA

When it comes to safeguarding Protected Health Information (PHI), you could say, “It takes a village.” The Omnibus Rule underscores the fact that protecting patients’ health information and their right to privacy is the responsibility today not only of healthcare providers, but also of their business associates (BAs) whose work requires them to access PHI. And the Business Associate Agreements mandated by HIPAA play an important role in that shared responsibility. Get your free BAA template here! (Not.) In this post I’d like to offer a handy BAA template that would work for all your business associates, as defined by […]


8 Simple Physical Safeguards for Protected Health Information

It’s happened in hundreds of offices. A thirsty staff member brings a beverage to a computer workstation. Sets it down within easy reach. Logs on to the computer and turns her attention to the screen. A few minutes later, she absently reaches for the drink. Accidentally knocks it over. Gasps as the cola from her Big Gulp seeps into the crevices of the practice’s main computer. Stuff happens. Here are a few simple physical safeguards you can put in place to protect health information from perils as varied as spills, overloaded outlets, fire dangers, and earthquakes. Eat, drink, and be merry […]


HIPAA & The Miley-Cyrus Approach to Data Disposal

Does a Miley Cyrus video with over 750 million views offer any insights into what HIPAA says about data disposal? Well, consider this: The massive wrecking ball Ms. Cyrus sits on in the video swings between cinder-block walls. And before the hit song is over, they’re reduced to rubble, destroyed beyond recognition. If it’s not too much of a stretch, let’s think of that image from the “Wrecking Ball” video as a metaphor for the Security Rule’s guidelines for the disposal of computers, laptops and other media that house Protected Health Information (PHI). The best way to prevent unauthorized access […]


6 Symptoms of a Possible Computer Virus

In your line of work, people come to you every day with symptoms. Chest pains. Chills. Blurred vision. Toothaches. And every day you draw on your years of medical, optometry, or dental training and your skills as a diagnostician to figure out what’s wrong and how to fix it. As a healthcare professional, it’s what you do. But when it comes to diagnosing a computer virus, it’s not uncommon for healthcare providers to say in frustration, “Beats me why this computer’s acting so weird!” Not uncommon either to hope that a simple re-boot will solve the problem. Sometimes it does. Not […]


Basic Guide to Thwarting Theft of Protected Health Information

Fact: According to the latest HIPAA and Breach Enforcement Stats from the Office of Civil Rights (the arm of Health and Human Services responsible for HIPAA enforcement), theft is the leading cause of reported breaches. Last year, as a direct result of a breach report of a stolen unencrypted laptop, Concentra Health Services paid OCR $1,725,220 to resolve potential violations of the Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rules. And that’s just one story. There have been plenty more, and the number continues to grow. First step to thwarting theft of Protected Health Information: Think like […]


Urban Legends & the HIPAA Risk Analysis

Strange as it might seem, HIPAA compliance and the New York City sewer system share a connection. Both have given rise to “stories with little or no supporting evidence that spread spontaneously in varying forms and often have elements of humor, moralizing, or horror” — in other words, both contain the stuff of “urban legends.” In the case of New York City, urban legend says that large alligators prowl its sewer system, flushed there by New Yorkers returning from Florida vacations with live, little “lizards,” souvenirs they soon tired of. In the case of HIPAA, legend has it that the […]
