By Diane Evans
A new report from the U.S. Office for Civil Rights (OCR) sends a particular wake-up call to long-term care providers. The finding: More than one-sixth of data security breaches occur as a result of lost or stolen equipment.
By contrast, the report indicates that only 7% of data security decision-makers are concerned about equipment losses.
This is especially relevant to long-term care, due to the wide range of places where electronic equipment could reside - from unlocked vehicles to home offices. Think about:
Workstations
Servers
Laptops
External hard drives
Backup devices
Flash drives
Smart phones
Cameras
Fax machines
Copiers
For executives within long-term care, the challenge becomes oversight and systematic management of data everywhere it exists.
Here are some things to keep in mind for implementing a proactive building security plan:
Implement facility access controls with as much thought as you would secure your home. Make sure you consider all places where Private Health Information (PHI) may be accessed within physical locations. Remember to check the security of places where old paper documents are stored.
Make sure to meet HIPAA requirements for policies and procedures to limit physical access to electronic information systems, and the facilities in which they are housed. Access should be on a need-to-know basis only.
Prepare the following, all of which are mandated under HIPAA and must be documented
Action Item for Long Term Care Executives: refer to the OCR report for more details. Or, for a handy eight-page Building Security Task List to use in making assignments and tracking progress, visit www.guardededge.com for a free download.
#HIPAA Compliance
#Data management for long-term care
#Data security best practices for long-term care
About the author
Diane Evans is founder of Guarded Edge, which offers training and an in-house implementation plan for compliance with the Health Insurance Portability and Accountability Act (HIPAA) within long-term care. Diane can be reached at devans@guardededge.com. She has offered accredited training for state and national organizations, including the Health Care Compliance Association and the Cleveland Metropolitan Bar Association.
Comments