Tip: Don’t forget about physical safeguards for your paper records.
Data breaches and exposure of protected health information seem to be happening on nearly a daily basis all over the United States. But what should you be learning from these breaches?
Jim Sheldon-Dean, founder and director of compliance services for Lewis Creek Systems LLC in Charlotte, VT, offers the following key lessons and quick tips for compliance:
1. Data Encryption — Encrypt data at rest on any desktop or portable device/media storing electronic PHI (ePHI).
2. Safeguards — Have clear and well-documented administrative and physical safeguards on the storage devices and removable media that handle ePHI.
3. Security Awareness — Raise the security awareness of workforce members and managers to promote good data stewardship. Make sure your staffers are well trained on what to do and what not to do.
4. Double-Check Before Sending — Make sure you have the right fax number, email address or postal address before sending PHI. Check your fax numbers on a regular basis, at least once per year, to ensure that the fax number you’re using is correct. If you don’t verify the fax number, who knows where that fax will end up?
5. Paper Records — Do not neglect physical safeguards for areas where paper records are stored or used.
6. Alternative Storage — Reduce risk by using network or enterprise storage instead of keeping ePHI on local devices.
7. Internal Audit — Monitor and audit your systems so you know what’s going on.