TriPoint Healthcare Solutions

Advising, Educating, and Operationalizing Privacy and Security in Healthcare

HIPAA and the Holidays

by 1 Comment 

Turkey

‘Tis the kick off to the holiday season.  Time for families and friends to gather and celebrate one another, be thankful for life’s blessings, and eat way too much!  It is time to catch up and reminisce about the past year and all the fun and challenges that were faced.  With so many people working in healthcare, it is also easy to talk about that challenging and difficult patient you had, or how you did the right steps to save someone’s life.  While it is important to talk about work and all the good and bad that comes with it, keep in mind the privacy and security of patient information as you are celebrating the holidays.

So let’s celebrate HIPAA – Thanksgiving Style

T – Treat protected health information with confidentiality and integrity

H – Have a good time discussing successes but leave out the PHI details

A – Always remember that protecting patient information is a foundational duty

N – Never use patient identifiable data outside of work purposes

K – Kindly remind others to keep PHI private if it comes up in a discussion

S – Save the details for the medical record, where patient information should stay

G – Gossiping never leads to good outcomes – especially involving patient information

I – Imagine how the patient would feel knowing their PHI was disclosed during a holiday meal

V – Vow to respect the patients and remove PHI from conversations

I – Insulting patients by releasing and sharing PHI never has good outcomes

N – Nobody needs to know patient information unless they are involved in the care and treatment

G – Give all patients of healthcare the feeling of security knowing their information won’t be shared

Protecting patient information needs to happen both inside and outside the walls of work. Any information that you learn or gain for your day to day job duties about a patient, needs to stay confidential and not be released to others.  Information accidentally or inadvertently shared during a meal or during basic discussion can lead to a data breach, which impacts so many people including the healthcare organization, the patient, and the people sharing and/or receiving the information.

So, as we gather this holiday season, remember what the Hippocratic Oath states:

“What I may see or hear in the course of the treatment or even outside of the treatment in regard to the life of men, which on no account one must spread abroad, I will keep to myself, holding such things shameful to be spoken about.”

Happy Thanksgiving!!!!!!!

Data Breaches – Could Encryption Help?

by Leave a Comment

It is another typical day in the healthcare news market.  A laptop is stolen or lost form a healthcare organization that may have had patient information on it.  It is unclear exactly the information that was on the laptop, but due to the uncertainty and the unknown of what happened to the laptop and the fact that the laptop was not encrypted, a large data breach has just occurred.  With the mobility of technology on the rise, healthcare is vulnerable and susceptible to large data breaches due to the lack of security in health information.  Over 64% of data breaches over 500 individuals is due to theft or loss of media.  The questions is how many of these data breaches could have been prevented by encryption. 

Under the HIPAA Security Rule, protected health information (PHI) is considered unusable, unreadable, or indecipherable in two separate cases:

Electronic PHI has been encrypted – both for data at rest and data in motion

Media on which PHI is stored has been destroyed by shredding and sanitized where PHI cannot be reconstructed or retrieved. 

In both of the cases above, the information becomes secure PHI, which under the Breach Notification Rule is not considered a data breach and doesn’t require a covered entity to report unless the encryption key has also been disclosed. 

What exactly is encryption?  Encryption is an algorithmic process that transforms data from original text into encoded text.  The process provides security around the PHI that would allow it to be free from data interception or data altering in both data that is at rest or data that is in motion.  Ultimately by the use of encryption, there is a low probability that anyone other than the receiving party who has the key to unencrypt the data would be able to gain access to the information. 

As more media in healthcare continues to become smaller and more mobile, healthcare organization needs to evaluate the use of encryption as the tool to help reduce the number of data breaches that are occurring.  With proper use of encryption, healthcare organizations can feel more confident about the process of securing patient information and protecting against potential data breaches. 

Danika

Recent Posts

Connect With Us

TriPoint Healthcare Solutions
dbrinda@tripointhealthcaresolutions.com
Phone: 612.325.9742
Fax: 763.322.5027