This month's issue focuses on the Top 4 HIPAA Initiatives, namely:
#1 No Flash Drives
#2 No Third Party Apps for Communication or Storage of Data
#3 If you use your own phone for communication, secure it, else use at your own risk!
#4 "Be Cautious" with paper files you are given, as to secure or shred them after viewing
HIPAA Guard HERALD
YOUR MONTHLY NEWSLETTER ON SURVIVING HIPAA
ISSUE 08, July 2018

LATEST ON HIPAA
Interview with Regional General Hospital's Chief Privacy Officer Heather Thompson

In continuation of our amazing interview, up close and personal with Regional General Hospital's Chief Privacy Officer.

Question: Can you give us your top 3 reasons, if you were asked, why a company or organization, particularly in the Healthcare industry, should have a privacy officer?

Heather: First and most importantly, to protect and ensure patients' rights and information. Second, to help maintain administrative and compliance requirements. Third, to keep your organization's employees educated on patient privacy and education of the advancement of security and other safeguards.

Question: Can a healthcare organization afford not to have a privacy officer, like in the case of rural hospitals? Can they opt not to have one for their organization? If yes, why, and if no, why not?

Heather: I believe an organization can't afford to not have a Privacy Officer. Privacy is about respecting people, and people having trust. If a person does not trust someone, you may lose their relationship. In turn, a business such as a small Rural Hospital will lose patients due to lack of trust and respect. It can then lead to a bad reputation and morale of the organization.

Question: How do you help create a culture of compliance for privacy and security of PHI and ePHI within your organization?

Heather: I think a good way to create a good culture is to give employees all the tools and resources of keeping up with knowledge and education. If we continue to create a positive and creative way to educate employees… they will have a good understanding and feel comfortable with compliance. It becomes a natural habit of their work day, and not something they feel is a stressful challenge.
#1 No Flash Drives

One kind of portable device that raises growing concern over its vulnerability is the USB flash drive. Your practice or facility should, in general, be very cautious about allowing use of and access to ePHI offsite. To get on track with HIPAA compliance measures, your practice or facility must conduct a risk analysis to determine the potential risks and vulnerabilities linked with the use of such devices for remote access to ePHI. You must then develop risk management measures to reduce the probability of such danger to at least a reasonable and appropriate level. In your Risk Management phase, consider these three areas in forming your practice or facility's policies & procedures to protect the ePHI.