You have most likely seen and read about HIPAA breaches or other technical security issues. Often we do not realize that many of these issues are actually due to the incorrect use of technology, as well as to not having established even the most basic people procedures.
For example, let’s say that someone working in your clinic leaves. Do you know for sure that that person no longer has access to your clinical systems? You may have gotten the building key back, but remember that the person can still come by your office, access the Wi-Fi, and do damage. Essentially you only took back one key: there are actually many other doors to your office.
So before you think about technical security, it’s essential to make sure your own people are complying with good security practices every day.
Here are some basic things you can do:
- Use your phone’s auto PIN lock or fingerprint access and know how to remotely disable your phone.
- Assign a username and password for each of your employees. This is also important for the off-boarding process. For example, if you are sharing a password for the clinic’s main email access, change that password.
- Check and understand where and which mobile devices are being shared. Again, be vigilant about changing passwords.
- Make sure everyone is aware that accidentally photographing PHI (labels, charts, name tags, addresses, bills, envelopes, etc.) can cause a HIPAA breach.
- Avoid emailing information containing PHI in the text of an email. If you must send the information, use a secure email service or zip the file and then assign a password.
- Have a simple and regularly updated employee off-boarding checklist. Remove access to web-based subscriptions, the office VPN, and, often missed but most important, the Wi-Fi password.
- Train every employee on all of the above. Keep a signed record of training.
When you’re all set with the above processes, take the time to find, evaluate, and establish a medical, enterprise-grade secure messaging and image-sharing solution.
Cover Photo: "- Padlock -" by User:Nino Barbieri - Own work. Licensed under CC BY-SA 2.5 via Wikimedia Commons