Protect Patient Data on the Internet with These 6 Steps

August 26, 2015 – In The News
Medical Practice Compliance Alert

Michael Kline and Elizabeth Litten were featured in the Medical Practice Compliance Alert article. Full text can be found in the August 17, 2015, issue, but a synopsis is below.

Providers are putting employee guidelines and restrictions in place to avoid HIPAA violations. Internet applications and files should be included in a HIPAA compliance plan, or a violation is on the radar of the Office for Civil Rights (OCR).

St. Elizabeth’s Medical Center (SEMC) in Brighton, MA, settled potential HIPAA violations for $218,400. One incident involved SEMC’s use of an unauthorized internet-based document. Michael Kline pointed out, “this hospital is like a recidivist,” due to SEMC’s having had two prior electronic incidents.

OCR sends messages about HIPAA through resolution agreements. Elizabeth Litten says, “That is the first resolution agreement focused on electronics.” These settlements highlight OCR’s concerns about providers’ misuse of Internet-based document-sharing or other applications.

Some steps to protect patient data on the internet include:

1. Review the internet applications your practice uses. Litten says, “Take steps such as encryption to protect the data when it’s shared, transmitted and stored.”

2. Ask the application’s manufacturer about its security safeguards. “If a manufacturer claims that (its application) is HIPAA protected, ask what that means,” Litten urges.

3. Investigate all internal and external complaints and concerns. Kline says, “Expect the government to find out about PHI exposed on the Internet from a third party.”

4. Keep track of the steps you take to identify and fix the problem. “You do better if you have a history that you endeavored to comply with HIPAA,” says Kline.

5. Allow employees to report concerns anonymously. Kline suggests, “You need a private place where people feel they’re not being watched.”

6. Don’t allow staff to use unauthorized public networks. “Don’t open documents in, say, a Starbucks,” warns Litten.