Implementing the right security processes and measures is the backbone of year-round HIPAA compliance. Here are three tips to help bolster the security of your protected health information (PHI).

  • Strong login measures: Ensure that only authorized users can access PHI. Assign each user a unique ID (a required HIPAA Security Rule safeguard), enforce strong password standards, and require that default passwords be changed immediately. Add multi-factor authentication wherever your systems support it, since a password alone is a weak control. Note that current NIST guidance (SP 800-63B) recommends against forced periodic password changes unless there is evidence of compromise; if you do require rotation, pair it with screening for known-breached passwords rather than relying on rotation alone.
  • Regular activity logging: The HIPAA Security Rule requires audit controls, so make sure your IT staff and systems record access to PHI. Have logging and monitoring technology in place that tells you where PHI is stored, who has viewed or changed it and when, and whether a breach has occurred. Review those logs on a schedule rather than only after an incident, and protect them from tampering so they hold up in an investigation.
  • Take a multi-layer approach: User IDs and passwords are only one layer of defense against a HIPAA breach. Examine the security measures at the other layers as well, including the network, operating systems, application software, and firewalls. Don't rely on default configurations, for instance, which are more prone to compromise.

The HIPAA Privacy Rule defines PHI as "individually identifiable health information" that is maintained or transmitted by a covered entity or its business associates, in any form or medium, whether paper, electronic, or oral.

The rule further defines "individually identifiable health information" as information that relates to an individual's past, present, or future physical or mental health or condition, the provision of health care to the individual, or the past, present, or future payment for that care, and that either identifies the individual or provides a reasonable basis to believe it could be used to identify the individual.

This typically includes, but is not limited to, the following kinds of patient data:

  • Names
  • Dates directly related to a patient, such as birth date, date of death, admission and discharge dates, and treatment schedules
  • Contact information such as telephone numbers, physical addresses, and email addresses
  • Social Security numbers
  • Medical record numbers
  • Full-face photographs and other comparable images
  • Biometric identifiers such as fingerprints and voice recordings
  • Any other unique identifying number, characteristic, or code, including account numbers

The Goliath Cyber Advisory Team stands ready and has been helping small & mid-sized practices ensure they are implementing the right Cyber tools and strategy for achieving compliance.

Contact us today and let's discuss how we can help you!
