Sometimes we focus strictly on the technical side of security and compliance and fail to notice very important issues hiding in plain sight. While a hacker breaking into your network and stealing ePHI is the threat that gets talked about the most, it is sometimes the overlooked, old-fashioned threats that present the greater risk.
Think about how many times a patient record has been left sitting somewhere. How long would it actually take for someone to pick it up and walk off? What about allowing easy access to documents or equipment that contain sensitive data? Over the years we have seen clients forget some of the simple things that they could do to protect patient information.
Below is a simple walk-through checklist that you can use to recognize and fix security issues that may be hiding in plain sight:
- Have any documents been left on the counter face up when not in use?
- Have patient documents been left on a surface that is accessible to patients, visitors, vendors, etc.?
- Have paper charts been left unattended where someone could grab them while walking down a hall?
- Are all discarded documents containing PHI shredded or placed in a locked container to await shredding?
- Have security cameras been installed to track unauthorized access to any area where patient data could be found?
- When calling a patient from the waiting room, do staff use only the patient’s name, and preferably only a first name?
- Have staff logged out of all unattended computers, especially those in exam rooms and publicly accessible hallways?
- Do you and your staff lock unattended rooms that could provide access to the network or computer equipment?
- Is the back door (or other secondary entrance) ever left open or unlocked for any reason?
- Do you and your staff lock offices when unattended?
Sometimes, just by walking through on a weekly basis, you can find simple issues that need to be addressed. We recommend doing this during business hours, as you want to see what your visitors see. Not only will this help you be more vigilant in your security, but it will allow visitors to rest easier seeing that you are actively taking steps to protect them and their health information.