top of page
Writer's pictureDiane Evans

Data Security Requires Building Security!




By Diane Evans


new report from the U.S. Office for Civil Rights (OCR) sends a particular wake-up call to long-term care providers.  The finding: More than one-sixth of data security breaches occur as a result of lost or stolen equipment.

By contrast, the report indicates that only 7% of data security decision-makers are concerned about equipment losses. 

This is especially relevant to long-term care, due to the wide range of places where electronic equipment could reside - from unlocked vehicles to home offices.  Think about:


  • Workstations

  • Servers

  • Laptops

  • External hard drives

  • Backup devices

  • Flash drives

  • Smart phones

  • Cameras

  • Fax machines

  • Copiers


For executives within long-term care, the challenge becomes oversight and systematic management of data everywhere it exists. 

Here are some things to keep in mind for implementing a proactive building security plan:


  • Implement facility access controls with as much thought as you would secure your home. Make sure you consider all places where Private Health Information (PHI) may be accessed within physical locations.  Remember to check the security of places where old paper documents are stored.



  • Make sure to meet HIPAA requirements for policies and procedures to limit physical access to electronic information systems, and the facilities in which they are housed.   Access should be on a need-to-know basis only.



  •  Prepare the following, all of which are mandated under HIPAA and must be documented


Action Item for Long Term Care Executives: refer to the OCR report for more details.  Or, for a handy eight-page Building Security Task List to use in making assignments and tracking progress, visit www.guardededge.com for a free download. 

#HIPAA Compliance

#Data management for long-term care

#Data security best practices for long-term care


About the author

Diane Evans is founder of Guarded Edge, which offers training and an in-house implementation plan for compliance with the Health Insurance Portability and Accountability Act (HIPAA) within long-term care.  Diane can be reached at devans@guardededge.com.  She has offered accredited training for state and national organizations, including the Health Care Compliance Association and the Cleveland Metropolitan Bar Association. 

5 views0 comments

Recent Posts

See All

Comments


bottom of page