Identify the Risk Groups and Safeguard PHI Sensitive information, such as PHI and PII, is a critical asset within a health care organization. Identifying the risk groups helps clarify operational context and reveals potential vulnerabilities across the IT infrastructure. By doing this, we establish clear priorities for making security investments [...]

HIPAA Alphabet Soup The Acts that made all this privacy and security possible: HIPAA: Health Insurance Portability and Accountability Act HITECH Act: Health Information Technology for Economic and Clinical Health Act ARRA Act: American Recovery and Reinvestment Act Key acronyms: BA: Business Associate CE: Covered Entity EHR: Electronic Health Record, [...]

Unique User Identification – Logon ID The HIPAA Security Rule requires Covered Entities and Business Associates to implement a “Unique User Identification” for systems holding Electronic Protected Health Information (ePHI). It is a “required” implementation specification under the Access Control Standard and should be employed for all information assets that [...]

Potential HIPAA Security Violations When an unencrypted device containing ePHI is stolen or missing, this could result in a HIPAA security violation. For example: A thumb drive containing the Electronic Protected Health Information (ePHI) of approximately 2,200 individuals was stolen from a vehicle. The entity needed to conduct an accurate [...]