Published on March 3, 2014
Six critical steps to prevent unauthorized access to confidential patient data
Sameer Sule, Healthcare Technology Consultant
KINARA | INSIGHTS: creating value through technology
Protecting Patient Data
- It is the law (HIPAA Security Rule)
- It is the prudent thing to do
- Protecting your data = Protecting patients & your healthcare organization
3/3/2014 www.kinarainsights.com
ePHI Access
Ask these two questions:
- Who needs access to electronic protected health information (ePHI) in the organization?
- How much ePHI access is needed by an individual to perform his/her job?
Six critical steps to prevent unauthorized access to ePHI
Step One: Follow the “Minimum Necessary” Principle
- Restrict ePHI access only to those people that need it to perform their jobs
AND
- Restrict access to ePHI data to the minimum necessary for people to do their jobs
Be STINGY in giving ePHI privileges
Step Two: Have a well-written access policy and procedure in place that clearly communicates the approval procedure for granting ePHI access to an individual
Step Three: Implement audit software that:
- Generates the list of individuals with ePHI access
- Provides a log of recent access activity
- Alerts management to any attempts to gain unauthorized access to ePHI
Step Four: Implement policy that mandates periodic audits of the ePHI access procedure
- Revoke or grant access privileges as needed
Step Five: Regularly train employees on their ePHI security and compliance responsibilities
Step Six: Have all documentation readily available in case of an audit
THANK YOU
CONTACT: Sameer Sule, Healthcare Technology Consultant
Author: “Protecting Electronic Health Information: A Practical Approach to Patient Data Security in Your Healthcare Practice”
Amazon: http://www.amazon.com/author/sameersule
Blog: http://www.kinarainsights.com/blog.html
LinkedIn: http://www.linkedin.com/pub/sameer-sule/7/b1b/511
Twitter: @sameersule
Preventing unauthorized access to patient data in a healthcare organization by employees and outsiders is critical to ensuring its security. Take these ...