I was recently asked to provide some tips on health IT and data security for a healthcare lawyer’s website. You can see the final blog post here, but I thought I’d share the 3 suggestions and tips I sent to them.
1. Encrypt all of your computers that store PHI (Protected Health Information) – If your hard drive is lost or stolen and it’s not encrypted, you’ll pay the price big time. However, if it’s encrypted you won’t have to worry nearly as much.
2. Avoid Sending SMS Messages with PHI – SMS is not HIPAA secure and there are plenty of high quality secure, HIPAA compliant text message options out there. Find one you like and use it. While being secure it also has other features like the ability to see if the recipient has read the message or not.
3. Do a HIPAA Risk Assessment – Not only is this required by HIPAA and meaningful use, it’s a good thing to do for your patients. Don’t fake your way through the assessment. Really dig into the privacy and security risks of your organization and make reasonable choices to make sure that you’re protecting your health data.
No doubt there’s a lot more that could be said about this topic, but I think these three areas are a good place to start. A huge portion of the HIPAA breaches that have occurred could have been prevented by doing these three things.
If you have other suggestions for people, I’d love to hear them in the comments. I’m sure there are some more obvious ones that I’ve missed.