How should you store your practice’s PHI?

With breaches quadrupling in 2016, many practices and hospitals are at a loss as to how to store their protected health information (PHI).

We can help your practice stay on top of the latest healthcare news, rules, regulations and trends.  Subscribe to stay current and up to date on important matters that will impact your practice.  (To subscribe to our blog click here).

Some providers and hospitals have moved their PHI overseas with offshore vendors.

Unfortunately, if a breach occurs, the Office of Civil Rights has stated that they will not pursue foreign companies. This means, that all the risk is on the HIPAA-covered entity.

This problem becomes bigger when providers use stateside business associates – who then use offshore vendors.

What should a provider do?

Make sure that your business associate agreements are very clear that you will not allow your data to be stored offshore and you do not allow business associates to use offshore resources.

Find out if any of your vendors do offshore data. If they do, find out what policies they have in place to protect themselves and your practice.

We recommend that our clients encrypt all of their PHI.

Encryption is an essential tool and should be worked into part of your practice’s HIPAA risk assessment.

If you choose to allow your PHI to be stored off-shore, make sure to have adequate contractual protections in place – and make sure to enforce them.

No matter where you choose to store your practice’s PHI, make sure to have adequate business associate agreements in place, proper policies and procedures, and regular trainings regarding privacy and security.

In our next blog post, we will keep you informed of related issues.  To get this important information delivered directly to your mail box, click here to Subscribe.

Do you need help staying current and compliant with the latest laws, rules and regulations?  We can help. To contact us about your new government rules and regulations, your practice’s risk assessment, or about your other legal needs:  CLICK HERE.

P.S. If you or your patients are interested in consumer healthcare issues, check out myhealthspin.com.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.