Protect all Protected Health Information (PHI), in all media: paper, oral, and electronic.
Remind workforce members about the importance of always protecting PHI, on an ongoing basis.
Encrypt electronic Protected Health Information (e-PHI) in transit and at rest.
Verify patients' HIPAA identifiers before accessing, disclosing or releasing PHI.
Enforce the HIPAA Rules.
No rush!
Train every single workforce member about HIPAA.
Verify access to any and all health information systems via two-factor authentication methods.
Implement administrative, physical, and technical safeguards.
Ongoing encrypted online and offline backups, and HIPAA Security Risk Analyses, must be conducted.
Limit access, disclosure and release of PHI to the minimum necessary, as applicable.
Apply full disk encryption to company devices: laptops, tablets, and phones.
Transmit e-PHI with caution, and per the HITECH Act.
Implement HIPAA policies and procedures that are consistent with HIPAA.
Operate on the HIPAA Federal floor, unless your "contrary" state laws' specific exceptions, or the Secretary's or designated HHS official's determination of specific criteria to a request, apply.
Never discuss PHI on social media.
Strengthen your cyber security posture, as HIPAA Covered Entities, Business Associates, or Subcontractors.