Protecting Privacy Without Harming Patients

Eric Liederman of Kaiser Permanente gave an interesting talk at HIMSS11 on protecting privacy without harming patients.  Audit trails are often full of non-essential information, which makes them unhelpful in investigating security and privacy breaches.  The HIPAA Security Rule requires, among other things, a security risk analysis and the implementation of policies to help prevent security breaches.

The HIPAA audit trail (or audit log) should be used as a tool in monitoring security incidents.  It should contain few false positives.  In addition, PHI should be encrypted, including on mobile devices (such as USB thumb drives).  Warnings may also be shown, as appropriate, on users' screens to educate them on the proper use of patients' records.

In the event of a security incident (breach), create a plan and an accountable team and understand state and federal breach reporting requirements.
