Six critical steps to prevent unauthorized access to confidential patient data


Preventing unauthorized access to patient data in a healthcare organization, whether by employees or outsiders, is critical to ensuring its security. Take these six steps to monitor and manage who has access to patient data in your organization.

Published in: Healthcare

  1. Six critical steps to prevent unauthorized access to confidential patient data
     Sameer Sule, Healthcare Technology Consultant
     KINARA | INSIGHTS: creating value through technology
  2. Protecting Patient Data
     • It is the law (HIPAA Security Rule)
     • It is the prudent thing to do
     • Protecting your data = Protecting patients & your healthcare organization
     3/3/2014, www.kinarainsights.com
  3. ePHI Access
     Ask these two questions:
     • Who needs access to electronic protected health information (ePHI) in the organization?
     • How much ePHI access is needed by an individual to perform his/her job?
  4. Six critical steps to prevent unauthorized access to ePHI
  5. Step One
     Follow the “Minimum Necessary” Principle:
     • Restrict ePHI access only to those people that need it to perform their jobs, AND
     • Restrict access to ePHI data to the minimum necessary for people to do their jobs
     Be STINGY in giving ePHI privileges
  6. Step Two
     • Have a well written access policy and procedure in place that clearly communicates the approval procedure for granting ePHI access to an individual
  7. Step Three
     Implement audit software that:
     • Generates the list of individuals with ePHI access
     • Provides a log of recent access activity
     • Alerts management to any attempts to gain unauthorized access to ePHI
  8. Step Four
     • Implement policy that mandates periodic audits of the ePHI access procedure
     • Revoke or grant access privileges as needed
  9. Step Five
     • Regularly train employees on their ePHI security and compliance responsibilities
  10. Step Six
     • Have all documentation readily available in case of an audit
  11. THANK YOU
     CONTACT
     Sameer Sule, Healthcare Technology Consultant
     Author: “Protecting Electronic Health Information: A Practical Approach to Patient Data Security in Your Healthcare Practice”
     Amazon: http://www.amazon.com/author/sameersule
     Blog: http://www.kinarainsights.com/blog.html
     LinkedIn: http://www.linkedin.com/pub/sameer-sule/7/b1b/511
     Twitter: @sameersule
     3/4/2014, www.kinarainsights.com
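
The three audit functions listed in Step Three and the revocation review in Step Four, as an added Python example that is not part of the original slides. The grant table, user names, ePHI categories and log format are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed grant table (assumption): each user gets only the ePHI
# categories the job requires, per the "Minimum Necessary" principle.
GRANTS = {
    "alice": {"clinical_notes", "lab_results"},  # nurse
    "bob": {"billing"},                          # billing clerk
    "carol": set(),                              # front desk, no ePHI access
}

# Constructed access log (assumption): timestamp user category record_id
LOG = """\
2014-03-03T09:15:00 alice lab_results rec-101
2014-03-03T09:40:00 bob billing rec-102
2014-03-03T10:05:00 bob clinical_notes rec-101
2014-03-03T10:06:00 carol lab_results rec-103
2014-02-01T08:00:00 alice clinical_notes rec-090
2014-03-03T11:00:00 mallory billing rec-102
"""

def parse(log):
    for line in log.splitlines():
        ts, user, category, record = line.split()
        yield datetime.fromisoformat(ts), user, category, record

def users_with_access(grants):
    """Step Three, item 1: individuals who hold any ePHI privilege."""
    return sorted(u for u, cats in grants.items() if cats)

def recent_activity(log, now, window=timedelta(days=7)):
    """Step Three, item 2: access events inside the review window."""
    return [e for e in parse(log) if now - e[0] <= window]

def unauthorized_attempts(log, grants):
    """Step Three, item 3: events outside the user's grant, or by an unknown user."""
    return [e for e in parse(log) if e[2] not in grants.get(e[1], set())]

def unused_grants(log, grants, now, window=timedelta(days=30)):
    """Step Four: privileges not exercised in the window, candidates for revocation."""
    used = defaultdict(set)
    for ts, user, category, _ in parse(log):
        if now - ts <= window:
            used[user].add(category)
    return {u: sorted(c - used[u]) for u, c in grants.items() if c - used[u]}
```

Keeping the output of each run, together with the grant table it was checked against, also gives the periodic audit a record to show under Step Six.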
