Reasonable Safeguards for PHI

Reasonable Safeguards Are Important

Protecting PHI

Reasonable Safeguards for PHI are precautions that a prudent person must take to prevent a disclosure of Protected Health Information. Providers must apply these safeguards to protect all forms of PHI: verbal, paper, and electronic. They help prevent unauthorized uses or disclosures of PHI. In addition, safeguards must be part of every privacy compliance plan. Organizations must share this with all members of the organization.

Safeguards for Verbal PHI

Apply Reasonable Safeguards for PHI to all of your verbal disclosures of Protected Health Information. When you work with a patient, first determine who is with the patient before discussing PHI. Second, do not assume the patient permits disclosure of their PHI just because family or a friend is in the room with them. Ask who is with the patient and whether the patient permits disclosure. Finally, you may ask the persons to leave the room, providing the patient an opportunity to object.

Paper PHI

In addition, reasonable safeguards for PHI must apply to the use of all paper products, to prevent them from reaching the wrong person. Providers must dispose of all paper products that have PHI in a shredder once they are no longer used. When a paper patient summary is given to a patient, personnel must make every effort to give it to the correct patient.

Electronic PHI

Password protect all computers in order to protect electronic PHI. Employees must only use the computer medical accounts to which they are assigned. One must consider encrypting any email or text that contains ePHI.

Use of Reasonable Safeguards for PHI Prevents Violations

In conclusion, the use of reasonable safeguards may be the difference between an Office for Civil Rights finding of a privacy violation and a finding that an incidental disclosure occurred. The latter is secondary to a permissible disclosure, and not a violation. Reasonable safeguards protect PHI and help prevent you from violating patient privacy.


Using Cybersecurity to Protect PHI


Risk From Many Sources

Using cybersecurity to protect PHI is a key feature of HIPAA. Electronic protected health information (EPHI) is at increased risk from many sources:

  • Foreign hackers looking for data to sell, usually on the dark web
  • Ransomware attacks that lock up data until a ransom payment is received
  • Phishing schemes that lure the user into clicking a link or opening an attachment to deploy malicious software
  • Spear phishing: a targeted attack on a specific person that appears to come from a legitimate source, usually instructing a transfer of funds

What You Can Do

In order to safeguard EPHI against threats:

  • First, know how to spot phishing emails.
  • Second, use strong passwords, two-factor authentication and encryption.
  • Finally, have policies, procedures and safeguards in place to protect EPHI, and know who to report an incident to in your organization.

Prepare for Cyberattacks

In the case of a cyberattack or similar emergency an entity must:

  1. Execute its response and mitigation procedures and contingency plans.
  2. Report the crime to other law enforcement agencies.
  3. Should report all cyber threat indicators to federal and information-sharing and analysis organizations.
  4. Finally, it must report the breach to OCR as soon as possible, but not later than 60 days after the discovery of a breach affecting 500 or more individuals.

Most importantly, OCR considers all mitigation efforts taken by the entity during any particular breach investigation. For instance, such efforts include voluntary sharing of breach-related information with the appropriate agencies.


Above all, remember that in the event of a cyberattack, it is critical to comply with breach reporting requirements.

Finally, using cybersecurity to protect PHI remains the cornerstone of protecting all ePHI, which all organizations should address in today’s healthcare climate.


This is your HIPAA ABCs brought to you by HIPAA Associates.