3 Things You Must Do for IT Security

Would you leave your front door unlocked?  

Of course, the answer is “no” – so why is your electronic health information left unlocked?

As healthcare providers put more and more protected health information (“PHI”) on their computer networks and in electronic medical records (“EMR”), they must take protecting their computer devices and networks as seriously as they take protecting their physical practice.

As technology has progressed, many healthcare providers–and individuals in general–have taken a lackadaisical approach to protecting their electronic devices.  In addition to risking general loss of data and reputational harm, healthcare providers are also risking criminal and civil penalties imposed by the government in the event of a breach of unsecured PHI.

As a result, healthcare providers need to be proactive and implement the proper security and privacy controls.

There are numerous privacy and security measures that should be implemented for electronic and non-electronic PHI (Article).

We are highlighting three (3) must-haves:

1.  Inappropriate Access:  While paper records can be secured in a locked drawer or room, electronic PHI requires appropriate safeguards: limiting which employees can access certain categories of PHI, ensuring that workstations automatically log off after a certain period of time, and requiring users to log off if they leave their designated workstation.

2.  Record Modifications:  While paper records can be altered by anyone that gains access to the chart and inputs new information, electronic PHI may be altered if a user’s rights are not restricted within the software.  For example, “users with data modification privileges can generally add, delete, or modify data or entire records.  Data can also be tampered with by directly accessing the files stored on the EHR servers using a server account rather than an EHR user account.”

3.  Data Loss:  Paper records can deteriorate over time or be destroyed in a natural disaster (fire, tornado, flood, etc.).  Electronic records can be as well, but they are also more prone to immediate destruction via a broken hard drive, hacker, or malicious software.  Healthcare providers need to ensure that they have proper backups to protect all PHI.

If your organization needs assistance with protecting its data – we can help.
