Preventing unauthorized access to patient data by employees and outsiders is critical to ensuring its security. Take these six steps to monitor and manage who has access to patient data in your healthcare organization.
Six critical steps to prevent unauthorized access to confidential patient data
1. Six critical steps to prevent unauthorized access to confidential patient data
Sameer Sule
Healthcare Technology Consultant
KINARA | INSIGHTS
creating value through technology
2. Protecting Patient Data
It is the law (HIPAA Security Rule)
It is the prudent thing to do
Protecting your data = Protecting patients & your healthcare organization
3/3/2014
www.kinarainsights.com
3. ePHI Access
Ask these two questions:
Who needs access to electronic protected health information (ePHI) in the organization?
How much ePHI access is needed by an individual to perform his/her job?
4. Six critical steps to prevent unauthorized access to ePHI
5. Step One
Follow the “Minimum Necessary” Principle:
Restrict ePHI access only to those people that need it to perform their jobs
AND
Restrict access to ePHI data to the minimum necessary for people to do their jobs
Be STINGY in giving ePHI privileges
6. Step Two
Have a well-written access policy and procedure in place that clearly communicates the approval procedure for granting ePHI access to an individual
7. Step Three
Implement audit software that:
Generates the list of individuals with ePHI access
Provides a log of recent access activity
Alerts management to any attempts to gain unauthorized access to ePHI
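The three audit functions listed in Step Three, sketched in Python as an added example (not from the original slides or from any audit product). The grant table, log format and user names are constructed, and an access counts as unauthorized when the user holds no grant for the ePHI category touched, in line with the "Minimum Necessary" principle of Step One.

```python
from collections import Counter
from datetime import datetime

# Constructed data: approved ePHI categories per user (hypothetical model).
GRANTS = {
    "nurse_a": {"vitals", "medications"},
    "billing_b": {"billing"},
    "dr_c": {"vitals", "medications", "notes"},
}

# Constructed log lines: timestamp, user, ePHI category, patient id.
LOG = """\
2014-03-03T09:00:12 nurse_a vitals P100
2014-03-03T09:05:40 billing_b billing P100
2014-03-03T09:07:02 billing_b notes P100
2014-03-03T09:07:09 billing_b notes P101
2014-03-03T09:30:00 temp_d vitals P100
2014-03-03T10:15:33 dr_c notes P101
"""

def parse_log(text):
    """Turn each well-formed line into a dict; malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        ts, user, category, patient = parts
        events.append({"ts": datetime.fromisoformat(ts), "user": user,
                       "category": category, "patient": patient})
    return events

def users_with_access(grants):
    """Individuals who currently hold any ePHI grant."""
    return sorted(user for user, cats in grants.items() if cats)

def recent_activity(events, since):
    """Access events at or after `since`, oldest first."""
    return sorted((e for e in events if e["ts"] >= since), key=lambda e: e["ts"])

def unauthorized_attempts(events, grants):
    """Events where the user has no grant for the category touched."""
    return [e for e in events if e["category"] not in grants.get(e["user"], set())]

def alerts(events, grants):
    """Per-user count of unauthorized attempts, for management review."""
    return dict(Counter(e["user"] for e in unauthorized_attempts(events, grants)))
```

On the constructed log, `alerts` reports the billing account reading clinical notes twice and an account with no grant at all (`temp_d`) reading vitals.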
8. Step Four
Implement policy that mandates periodic audits of the ePHI access procedure
Revoke or grant access privileges as needed
9. Step Five
Regularly train employees on their ePHI security and compliance responsibilities
10. Step Six
Have all documentation readily available in case of an audit
11. THANK YOU
CONTACT
Sameer Sule
Healthcare Technology Consultant
Author: “Protecting Electronic Health Information: A Practical Approach to Patient Data Security in Your Healthcare Practice”
Amazon: http://www.amazon.com/author/sameersule
Blog: http://www.kinarainsights.com/blog.html
LinkedIn: http://www.linkedin.com/pub/sameer-sule/7/b1b/511
Twitter: @sameersule
3/4/2014