Tag Archives for: "covered entities"

Cracking the Code of HHS Guidelines for Encryption of PHI

To encrypt or not to encrypt, that is the question. Or to put it another way: To convert readable data into gibberish that must be decoded to become readable again — or not to convert readable data into gibberish that must be decoded to become readable again, that is the question. The Health Insurance Portability and Accountability Act (HIPAA) says, “A covered entity must implement a mechanism to encrypt and decrypt electronic protected health information.” That sounds a lot like the government’s way of saying, “End of discussion.” But actually it’s not that clear cut. HIPAA goes on to state, […]

Read more »

The Basics of Mobile Device Security for Protected Health Information

The single most common way Protected Health Information (PHI) is compromised is through the loss of devices themselves, whether this happens by accident or by theft. Technology — thumb drives, CDs, smart phones, tablets — has made it possible for large amounts of information to be tucked into our pockets or purses and carried to our cars, homes, favorite coffee shops, or hotel rooms at conferences. Files that used to take up an entire wall can now fit on a 2-inch thumb drive, a mini iPad, a laptop. But with this amazing technological convenience, comes increased responsibility. “Covered entities and […]

Read more »

Urban Legends & the HIPAA Risk Analysis

Strange as it might seem, HIPAA compliance and the New York City sewer system share a connection. Both have given rise to “stories with little or no supporting evidence that spread spontaneously in varying forms and often have elements of humor, moralizing, or horror” — in other words, both contain  the stuff of “urban legends.” In the case of New York City, urban legend says that large alligators prowl its sewer system, flushed there by New Yorkers returning from Florida vacations with live, little “lizards,” souvenirs they soon tired of. In the case of HIPAA, legend has it that the […]

Read more »

Can You Keep a Secret? 9 Tips for Creating Strong Passwords.

The computers in your office are veritable treasure chests of information cyber pirates would love to get their hands on. Only authorized personnel in a practice should have the keys to unlock what’s inside.  Passwords as those keys. They play an important role in protecting Electronic Health Records (EHR) and the vital information those records hold. The HIPAA Security Rule says that “reasonable and appropriate . . . procedures for creating, changing, and safeguarding passwords” must be in place. But the rule doesn’t stop there. It goes on to say that “In addition to providing passwords for access, entities must ensure that workforce […]

Read more »