Ensure Patient Info is Encrypted to Be Exempt from Breach Regs
New regulations issued by the US Department of Health and Human Services (DHHS) require physicians and other individuals and entities covered under the Health Insurance Portability and Accountability Act (HIPAA) to notify individuals when their health information has been breached. A “breach” means the “acquisition, access, use or disclosure of protected health information in a manner not permitted . . . which compromises the security or privacy of the protected health information.” Depending upon the number of patients whose health information may have been breached, a medical practice may be required to notify the DHHS and the statewide media in addition to notifying patients. For example, if a physician maintains patient information on a laptop computer containing the unsecured information of more than 500 patients and the laptop is stolen, the physician would be required not only to notify the patients affected by the breach, but would likely also need to notify the DHHS and the media. A medical practice need not report a breach if the patient information has been properly encrypted, because information that is encrypted is not considered “unsecured.”
The NYS Med Society strongly recommends that if a medical practice maintains or stores patient information in electronic form, the medical practice should consider encryption. The Breach Notification requirements are very onerous, and encryption will enable a medical practice to avoid them. The problem is that most commercially available electronic medical records don’t yet offer encryption as an option!
If your EMR provider doesn’t offer data encryption, look to their/your IT vendor for HIPAA compliant or encrypted data offerings – if they can be considered HIPAA compliant business associates, they should offer a more secure solution between networks.
HIPAA violations are a serious problem; the privacy of individual medical records is an important right. Examples of a HIPAA violation include the publication of any medical records, such as on the Internet, unauthorized access to medical records by employees or outside personnel, unauthorized release of medical information to a patient’s employer or the sale of an individual’s medical records.