SlideShare a Scribd company logo
1 of 1
Download to read offline
HIPAA PHI Protection
Where is your PHI stored?
On your
computer.
The cloud
Remote servers
MS database
My Documents on
network shares
Other folders
on hard drive
Unencrypted images
in other folders
Development
test environments
1
2
3
4
5
6
7
Walk around your office to check for PHI left in the open
(e.g., sticky notes, computer screens)
Start a risk analysis to identify your biggest vulnerabilities
Make sure servers, back rooms, filing systems, offices, etc. are locked
Encrypt PHI on all electronic systems
Don’t leave PHI in your car or at your house
Securely empty your computer trash
Shred everything
Protected health information (PHI) isn’t just stored in your Electronic Health Record
system (EHR). It’s everywhere! HIPAA compliance law mandates that you protect PHI,
in all its forms, wherever it resides.
PHI is anything that identifies an individual
used for healthcare purposes.
Names
Geographic
subdivisions
Dates related
to an individual
Phone numbers
Fax numbers
Email addresses
Social Security
Numbers
Medical
record numbers
Health plan
beneficiary numbers
Account
numbers
Vehicle identifiers
URLs
IP address numbers
Biometric
identifiers
Full face
pictures
URL
Account
Number
Social
Security
#
Hello.
PatientX
?
Email
Shared network drives
Recycle bin
Excel documents
Word documents
Documents
EHR
Temporary browser cache files
HHS.gov DocumentsPatient Records
At the office.
waterplant!!
Trash bags
in dumpsters
Trash cans/
compactors
Under
desks
Closets
Back rooms
Backup drives
Sticky notes
Desk drawers
File rooms
Old computers/servers
no longer in use
On shelves
Charts
Calendars 17
USB drives
On your
network.
On the go.
c://MS database
c://entry01
c://entry02
c://entry03
c://entry04
At home
Laptops
Tablets
Smartphones
Carry on luggage
Paper
48%say they would
consider changing
healthcare providers
if their medical
records were lost
or stolen.*
* Ponemon Medical ID Theft Study, 2015
7 Top 7 ways to start protecting all PHI
consulting@securitymetrics.com
801.705.5656
© 2015 SecurityMetrics
PHI is often stored...
Talk to one of our consultants who can come
onsite to help you find and protect all your PHI!

More Related Content

Similar to HIPAA PHI Protection: Where is Your PHI Stored?

Handheld Devices
Handheld DevicesHandheld Devices
Handheld Devices
rbarreras
 
New Hire Orientation Ppt
New Hire Orientation PptNew Hire Orientation Ppt
New Hire Orientation Ppt
HALLEHUDSON
 
Data+security+sp10
Data+security+sp10Data+security+sp10
Data+security+sp10
ismaelhaider
 
PriyaHarrackisngh_Portfolio_11_15
PriyaHarrackisngh_Portfolio_11_15PriyaHarrackisngh_Portfolio_11_15
PriyaHarrackisngh_Portfolio_11_15
Priya Harracksingh
 
Employee Security Training[1]@
Employee Security Training[1]@Employee Security Training[1]@
Employee Security Training[1]@
R_Yanus
 

Similar to HIPAA PHI Protection: Where is Your PHI Stored? (20)

Awareness Training on Information Security
Awareness Training on Information SecurityAwareness Training on Information Security
Awareness Training on Information Security
 
New Hire Information Security Awareness
New Hire Information Security AwarenessNew Hire Information Security Awareness
New Hire Information Security Awareness
 
Handheld Devices
Handheld DevicesHandheld Devices
Handheld Devices
 
New Hire Orientation Ppt
New Hire Orientation PptNew Hire Orientation Ppt
New Hire Orientation Ppt
 
Security and Safe Keeping of Official Information by DPO
Security and Safe Keeping of Official Information by DPOSecurity and Safe Keeping of Official Information by DPO
Security and Safe Keeping of Official Information by DPO
 
HIPAA Compliance Dangers for Digital Doctors
HIPAA Compliance Dangers for Digital DoctorsHIPAA Compliance Dangers for Digital Doctors
HIPAA Compliance Dangers for Digital Doctors
 
Ch. 13ppt
Ch. 13pptCh. 13ppt
Ch. 13ppt
 
Security awareness training ip5
Security awareness training ip5Security awareness training ip5
Security awareness training ip5
 
Data+security+sp10
Data+security+sp10Data+security+sp10
Data+security+sp10
 
PriyaHarrackisngh_Portfolio_11_15
PriyaHarrackisngh_Portfolio_11_15PriyaHarrackisngh_Portfolio_11_15
PriyaHarrackisngh_Portfolio_11_15
 
Cyber Crime Evidence Collection Ifsa 2009
Cyber Crime Evidence Collection Ifsa 2009Cyber Crime Evidence Collection Ifsa 2009
Cyber Crime Evidence Collection Ifsa 2009
 
Confidentiality & HIPAA Training Week 1 Discussion 2
Confidentiality & HIPAA Training Week 1 Discussion 2Confidentiality & HIPAA Training Week 1 Discussion 2
Confidentiality & HIPAA Training Week 1 Discussion 2
 
MSH-REB-Privacy-and-Security-Fundamentals-for-Researchers.ppt
MSH-REB-Privacy-and-Security-Fundamentals-for-Researchers.pptMSH-REB-Privacy-and-Security-Fundamentals-for-Researchers.ppt
MSH-REB-Privacy-and-Security-Fundamentals-for-Researchers.ppt
 
Confidentiality Privacy and Security.ppt
Confidentiality Privacy and Security.pptConfidentiality Privacy and Security.ppt
Confidentiality Privacy and Security.ppt
 
telemedicineppt.pptx
telemedicineppt.pptxtelemedicineppt.pptx
telemedicineppt.pptx
 
Employee Security Training[1]@
Employee Security Training[1]@Employee Security Training[1]@
Employee Security Training[1]@
 
091005 Internet Security
091005 Internet Security091005 Internet Security
091005 Internet Security
 
information security and backup system
information security and backup systeminformation security and backup system
information security and backup system
 
HIPAA Training
HIPAA TrainingHIPAA Training
HIPAA Training
 
What Data Are You Leaking? BSidesLV Presentation
What Data Are You Leaking? BSidesLV Presentation What Data Are You Leaking? BSidesLV Presentation
What Data Are You Leaking? BSidesLV Presentation
 

More from SecurityMetrics

The Case of the Mistaken Malware
The Case of the Mistaken MalwareThe Case of the Mistaken Malware
The Case of the Mistaken Malware
SecurityMetrics
 
The Case of the Stockpiled Credit Cards
The Case of the Stockpiled Credit CardsThe Case of the Stockpiled Credit Cards
The Case of the Stockpiled Credit Cards
SecurityMetrics
 

More from SecurityMetrics (20)

Hipaa Reality Check
Hipaa Reality CheckHipaa Reality Check
Hipaa Reality Check
 
Understanding the New PCI DSS Scoping Supplement
Understanding the New PCI DSS Scoping SupplementUnderstanding the New PCI DSS Scoping Supplement
Understanding the New PCI DSS Scoping Supplement
 
How to Effectively Manage a Data Breach
How to Effectively Manage a Data Breach How to Effectively Manage a Data Breach
How to Effectively Manage a Data Breach
 
How to Secure Your Medical Devices
How to Secure Your Medical DevicesHow to Secure Your Medical Devices
How to Secure Your Medical Devices
 
How to Prepare for a PCI DSS Audit
How to Prepare for a PCI DSS AuditHow to Prepare for a PCI DSS Audit
How to Prepare for a PCI DSS Audit
 
Securing Your Remote Access Desktop Connection
Securing Your Remote Access Desktop ConnectionSecuring Your Remote Access Desktop Connection
Securing Your Remote Access Desktop Connection
 
Window of Compromise
Window of CompromiseWindow of Compromise
Window of Compromise
 
The 5 Step HIPAA Risk Analysis
The 5 Step HIPAA Risk AnalysisThe 5 Step HIPAA Risk Analysis
The 5 Step HIPAA Risk Analysis
 
5 Documents to Prepare for a HIPAA Audit
5 Documents to Prepare for a HIPAA Audit5 Documents to Prepare for a HIPAA Audit
5 Documents to Prepare for a HIPAA Audit
 
Don't Let Phishing Emails Hook Your Empolyees
Don't Let Phishing Emails Hook Your EmpolyeesDon't Let Phishing Emails Hook Your Empolyees
Don't Let Phishing Emails Hook Your Empolyees
 
What's Causing You to Store Unencrypted Payment Cards?
What's Causing You to Store Unencrypted Payment Cards? What's Causing You to Store Unencrypted Payment Cards?
What's Causing You to Store Unencrypted Payment Cards?
 
5 Steps to Manage a Data Breach
5 Steps to Manage a Data Breach5 Steps to Manage a Data Breach
5 Steps to Manage a Data Breach
 
Auditing Archives: The Case of the File Sharing Franchisee
Auditing Archives: The Case of the File Sharing FranchiseeAuditing Archives: The Case of the File Sharing Franchisee
Auditing Archives: The Case of the File Sharing Franchisee
 
Auditing Archives: The Case of the Evil Java Script
Auditing Archives: The Case of the Evil Java ScriptAuditing Archives: The Case of the Evil Java Script
Auditing Archives: The Case of the Evil Java Script
 
Auditing Archives: The Case of the Overly Helpful Front Desk Clerk
Auditing Archives: The Case of the Overly Helpful Front Desk ClerkAuditing Archives: The Case of the Overly Helpful Front Desk Clerk
Auditing Archives: The Case of the Overly Helpful Front Desk Clerk
 
The Case of the Suspiciously Flawless Investigation
The Case of the Suspiciously Flawless InvestigationThe Case of the Suspiciously Flawless Investigation
The Case of the Suspiciously Flawless Investigation
 
The Case of the Mistaken Malware
The Case of the Mistaken MalwareThe Case of the Mistaken Malware
The Case of the Mistaken Malware
 
The Case of the Stockpiled Credit Cards
The Case of the Stockpiled Credit CardsThe Case of the Stockpiled Credit Cards
The Case of the Stockpiled Credit Cards
 
What Does the End of Windows XP Mean For Businesses?
What Does the End of Windows XP Mean For Businesses?What Does the End of Windows XP Mean For Businesses?
What Does the End of Windows XP Mean For Businesses?
 
How Ethical Hacking is Healthy for Business
How Ethical Hacking is Healthy for BusinessHow Ethical Hacking is Healthy for Business
How Ethical Hacking is Healthy for Business
 

Recently uploaded

Obat Aborsi Makassar WA 085226114443 Jual Obat Aborsi Cytotec Asli Di Makassar
Obat Aborsi Makassar WA 085226114443 Jual Obat Aborsi Cytotec Asli Di MakassarObat Aborsi Makassar WA 085226114443 Jual Obat Aborsi Cytotec Asli Di Makassar
Obat Aborsi Makassar WA 085226114443 Jual Obat Aborsi Cytotec Asli Di Makassar
clarintahafafa
 
Catheterization Procedure by Anushri Srivastav.pptx
Catheterization Procedure by Anushri Srivastav.pptxCatheterization Procedure by Anushri Srivastav.pptx
Catheterization Procedure by Anushri Srivastav.pptx
AnushriSrivastav
 
@Safe Abortion pills IN Jeddah(+918133066128) Un_wanted kit Buy Jeddah
@Safe Abortion pills IN Jeddah(+918133066128) Un_wanted kit Buy Jeddah@Safe Abortion pills IN Jeddah(+918133066128) Un_wanted kit Buy Jeddah
@Safe Abortion pills IN Jeddah(+918133066128) Un_wanted kit Buy Jeddah
Abortion pills in Kuwait Cytotec pills in Kuwait
 
Lion's Mane Mushroom: Benefits for Athletes and Active Individuals
Lion's Mane Mushroom: Benefits for Athletes and Active IndividualsLion's Mane Mushroom: Benefits for Athletes and Active Individuals
Lion's Mane Mushroom: Benefits for Athletes and Active Individuals
MyCo Planet
 
obat aborsi Trenggalek WA 081225888346 jual obat aborsi cytotec asli di Treng...
obat aborsi Trenggalek WA 081225888346 jual obat aborsi cytotec asli di Treng...obat aborsi Trenggalek WA 081225888346 jual obat aborsi cytotec asli di Treng...
obat aborsi Trenggalek WA 081225888346 jual obat aborsi cytotec asli di Treng...
icha27638
 

Recently uploaded (20)

TEST BANK For Robbins & Kumar Basic Pathology, 11th Edition by Vinay Kumar, A...
TEST BANK For Robbins & Kumar Basic Pathology, 11th Edition by Vinay Kumar, A...TEST BANK For Robbins & Kumar Basic Pathology, 11th Edition by Vinay Kumar, A...
TEST BANK For Robbins & Kumar Basic Pathology, 11th Edition by Vinay Kumar, A...
 
TEST BANK For Leddy & Pepper’s Professional Nursing, 10th Edition by Lucy Hoo...
TEST BANK For Leddy & Pepper’s Professional Nursing, 10th Edition by Lucy Hoo...TEST BANK For Leddy & Pepper’s Professional Nursing, 10th Edition by Lucy Hoo...
TEST BANK For Leddy & Pepper’s Professional Nursing, 10th Edition by Lucy Hoo...
 
TEST BANK For Success in Practical Vocational Nursing 10th Edition by Carrol ...
TEST BANK For Success in Practical Vocational Nursing 10th Edition by Carrol ...TEST BANK For Success in Practical Vocational Nursing 10th Edition by Carrol ...
TEST BANK For Success in Practical Vocational Nursing 10th Edition by Carrol ...
 
Student ergonomics ( Samrth Pareta ) .pptx
Student ergonomics ( Samrth Pareta ) .pptxStudent ergonomics ( Samrth Pareta ) .pptx
Student ergonomics ( Samrth Pareta ) .pptx
 
Obat Aborsi Makassar WA 085226114443 Jual Obat Aborsi Cytotec Asli Di Makassar
Obat Aborsi Makassar WA 085226114443 Jual Obat Aborsi Cytotec Asli Di MakassarObat Aborsi Makassar WA 085226114443 Jual Obat Aborsi Cytotec Asli Di Makassar
Obat Aborsi Makassar WA 085226114443 Jual Obat Aborsi Cytotec Asli Di Makassar
 
Catheterization Procedure by Anushri Srivastav.pptx
Catheterization Procedure by Anushri Srivastav.pptxCatheterization Procedure by Anushri Srivastav.pptx
Catheterization Procedure by Anushri Srivastav.pptx
 
clostridiumbotulinum- BY Muzammil Ahmed Siddiqui.pptx
clostridiumbotulinum- BY Muzammil Ahmed Siddiqui.pptxclostridiumbotulinum- BY Muzammil Ahmed Siddiqui.pptx
clostridiumbotulinum- BY Muzammil Ahmed Siddiqui.pptx
 
Leadership Style - Code and Rapid Response Workshop
Leadership Style - Code and Rapid Response WorkshopLeadership Style - Code and Rapid Response Workshop
Leadership Style - Code and Rapid Response Workshop
 
Leading large scale change: a life at the interface between theory and practice
Leading large scale change: a life at the interface between theory and practiceLeading large scale change: a life at the interface between theory and practice
Leading large scale change: a life at the interface between theory and practice
 
Nursing Care Plan for Surgery (Risk for Infection)
Nursing Care Plan for Surgery (Risk for Infection)Nursing Care Plan for Surgery (Risk for Infection)
Nursing Care Plan for Surgery (Risk for Infection)
 
Webinar: Advanced Cancer and End of Life
Webinar: Advanced Cancer and End of LifeWebinar: Advanced Cancer and End of Life
Webinar: Advanced Cancer and End of Life
 
End of Response issues - Code and Rapid Response Workshop
End of Response issues - Code and Rapid Response WorkshopEnd of Response issues - Code and Rapid Response Workshop
End of Response issues - Code and Rapid Response Workshop
 
ISO 15189 2022 standards for laboratory quality and competence
ISO 15189 2022 standards for laboratory quality and competenceISO 15189 2022 standards for laboratory quality and competence
ISO 15189 2022 standards for laboratory quality and competence
 
Navigating Conflict in PE Using Strengths-Based Approaches
Navigating Conflict in PE Using Strengths-Based ApproachesNavigating Conflict in PE Using Strengths-Based Approaches
Navigating Conflict in PE Using Strengths-Based Approaches
 
Session-1-MBFHI-A-part-of-the-Global-Strategy.ppt
Session-1-MBFHI-A-part-of-the-Global-Strategy.pptSession-1-MBFHI-A-part-of-the-Global-Strategy.ppt
Session-1-MBFHI-A-part-of-the-Global-Strategy.ppt
 
@Safe Abortion pills IN Jeddah(+918133066128) Un_wanted kit Buy Jeddah
@Safe Abortion pills IN Jeddah(+918133066128) Un_wanted kit Buy Jeddah@Safe Abortion pills IN Jeddah(+918133066128) Un_wanted kit Buy Jeddah
@Safe Abortion pills IN Jeddah(+918133066128) Un_wanted kit Buy Jeddah
 
Lion's Mane Mushroom: Benefits for Athletes and Active Individuals
Lion's Mane Mushroom: Benefits for Athletes and Active IndividualsLion's Mane Mushroom: Benefits for Athletes and Active Individuals
Lion's Mane Mushroom: Benefits for Athletes and Active Individuals
 
Pulse Check Decisions - RRT and Code Blue Workshop
Pulse Check Decisions - RRT and Code Blue WorkshopPulse Check Decisions - RRT and Code Blue Workshop
Pulse Check Decisions - RRT and Code Blue Workshop
 
The 2024 Outlook for Older Adults: Healthcare Consumer Survey
The 2024 Outlook for Older Adults: Healthcare Consumer SurveyThe 2024 Outlook for Older Adults: Healthcare Consumer Survey
The 2024 Outlook for Older Adults: Healthcare Consumer Survey
 
obat aborsi Trenggalek WA 081225888346 jual obat aborsi cytotec asli di Treng...
obat aborsi Trenggalek WA 081225888346 jual obat aborsi cytotec asli di Treng...obat aborsi Trenggalek WA 081225888346 jual obat aborsi cytotec asli di Treng...
obat aborsi Trenggalek WA 081225888346 jual obat aborsi cytotec asli di Treng...
 

HIPAA PHI Protection: Where is Your PHI Stored?

  • 1. HIPAA PHI Protection Where is your PHI stored? On your computer. The cloud Remote servers MS database My Documents on network shares Other folders on hard drive Unencrypted images in other folders Development test environments 1 2 3 4 5 6 7 Walk around your office to check for PHI left in the open (e.g., sticky notes, computer screens) Start a risk analysis to identify your biggest vulnerabilities Make sure servers, back rooms, filing systems, offices, etc. are locked Encrypt PHI on all electronic systems Don’t leave PHI in your car or at your house Securely empty your computer trash Shred everything Protected health information (PHI) isn’t just stored in your Electronic Health Record system (EHR). It’s everywhere! HIPAA compliance law mandates that you protect PHI, in all its forms, wherever it resides. PHI is anything that identifies an individual used for healthcare purposes. Names Geographic subdivisions Dates related to an individual Phone numbers Fax numbers Email addresses Social Security Numbers Medical record numbers Health plan beneficiary numbers Account numbers Vehicle identifiers URLs IP address numbers Biometric identifiers Full face pictures URL Account Number Social Security # Hello. PatientX ? Email Shared network drives Recycle bin Excel documents Word documents Documents EHR Temporary browser cache files HHS.gov DocumentsPatient Records At the office. waterplant!! Trash bags in dumpsters Trash cans/ compactors Under desks Closets Back rooms Backup drives Sticky notes Desk drawers File rooms Old computers/servers no longer in use On shelves Charts Calendars 17 USB drives On your network. On the go. c://MS database c://entry01 c://entry02 c://entry03 c://entry04 At home Laptops Tablets Smartphones Carry on luggage Paper 48%say they would consider changing healthcare providers if their medical records were lost or stolen.* * Ponemon Medical ID Theft Study, 2015 7 Top 7 ways to start protecting all PHI consulting@securitymetrics.com 801.705.5656 © 2015 SecurityMetrics PHI is often stored... Talk to one of our consultants who can come onsite to help you find and protect all your PHI!