
 Review the security rule as it pertains to ›Physical Safeguards ♦ How to protect the ePHI in the work environment ♦ Implementation ideas for your office.


2  Review the security rule as it pertains to ›Physical Safeguards ♦ How to protect the ePHI in the work environment ♦ Implementation ideas for your office

3  Reasonable and appropriate safeguards that cover ›Information systems ›Related equipment ›Facilities

4  Physical measures ›Locking the door ›Requiring passwords  Policies and procedures ›For everything from employee training to protecting the data

5  Facility Access Controls ›Limiting physical access to ePHI  Workstation Use and Security ›Defining business use of workstations ›Controlling the environment  Device and Media Controls ›For all equipment that contains ePHI

6  Contingency operations  Facility security plan  Access control and validation procedures  Maintenance records

7  Disaster recovery or emergency operations ›Maintains proper security while allowing for data recovery  Cover such events as: ›Loss of power ›Flood ›Chemical spills ›Propane leak  Consider access, as well as recovery

8  Policies and Procedures covering: ›Physical access control ›Tampering and theft prevention

9  Procedures ›Access based on roles and/or functions ›Visitor guidelines ›Software access ♦ Limit authority/responsibility ♦ Track updates/modification

10  Document ›Repairs and modifications to the facility ♦ Type of repair ♦ Authorized by whom ♦ Reason for repair ›Changes to alarm codes

11  Defined as an electronic computing device such as: ›Laptops ›Desktops ›Tablets  Capable of electronic media storage

12  Define business use of workstations  Policies and Procedures ›Proper functions to be completed ›Manner in which they are performed ›Physical attributes of the surroundings for the workstations with access to ePHI ♦ Visibility to others ♦ Accessible to unauthorized persons

13  Restrict access to authorized users ›Are workstations identified? ›Viewed only by authorized individuals with unique user IDs and passwords? ›Filters? ›Screen savers? ›Automatic log off?

14  Policies and procedures ›That govern how ePHI is protected ♦ During moves ♦ On backup media ♦ During upgrades

15  Disposal – of ePHI ›How does this happen?  Media re-use ›Is re-use allowed? ›What steps are taken to eliminate ePHI  Accountability ›Where is the ePHI?  Data Backup and Storage

16  Policies and procedures that address the final disposition of ePHI ›Including the media that held it ›Render it unusable ♦ By erasing and overwriting or magnetically clearing or both ›Or inaccessible ♦ By physically damaging it

17  Remove ePHI  Document the removal  Have a policy and procedure that outlines the process

18  Involves record keeping ›This is only addressable in the final security rule; however, it would be very difficult to justify not keeping track of equipment  Inventory of equipment that includes portable media ›Take account of ♦ Person responsible for each device ♦ Serial numbers and/or labels for identification

19  Address the backup of ePHI before the movement of any equipment ›Best to have a copy, just in case something unexpected happens!

20 Have in place:  Policies and procedures that cover ›Audits ♦ To track changes to data ♦ To review accesses ›Inventory ♦ To know where the ePHI is located

21  Should contain elements such as: ›Device Name ›Make/Model ›Date Acquired ›Serial Number ›Location ›User ›Maintenance Performed ♦ Description and Date ›Date taken out of Service ♦ ePHI destroyed (Y/N) ♦ Method of destruction ♦ Certificate of destruction ›Person responsible for destruction of ePHI ›Person who validated or verified destruction of ePHI

22  Inventory ›Walk through your office ›Notice everything ♦ Both in-service and out of service equipment ›Record it all ›Include portable and mobile devices  Check the ePHI on the inventory ›Record everything

23  Offices / Exam Rooms ›Doors and windows - lockable?  Restricted areas ›Locked and log of access maintained?  Alarms ›Who has access? Recent changes?  Wireless access points ›Monitor the devices that access your network  Wiring ›Are surge suppressors in use?

24  With the eyes of an outsider, is ePHI ›Viewable? ›Portable – on unattended laptops? ›In use – where? On what? ›Is there out-of-service equipment with ePHI? ›Accessible via your network? ♦ Monitor users on the network ♦ Have in place termination procedures that include disabling network access

25  Make changes ›Move monitors ›Turn desks ›Lock up equipment ›Secure work areas  Control access ›Know who has had the opportunity to view or hack your ePHI ♦ Telephone repairs ♦ Electricians ♦ Locksmiths

26  Printers ›What’s being printed? ›Who can retrieve the paper? ›Where is it located?  Faxes and scanners ›What is stored on the machine? ›Where is it located? ›Who can access the data?

27  Incidental equipment ›Pagers ›Dictaphone tapes ›Answering machines ›Point of care devices ›External hard drives  Network wiring ›Are access points open and available?  Location of the router ›Is it secure?

28  Protect all equipment from: ›Outside access ›Unauthorized use ›Wandering off  For Electronics ›Use surge protectors  Review fire extinguishers ›Rated for electronics

29  ePHI ›Is vast ›Requires special protections and safeguards ›Is subject to HIPAA’s Security Rule  You have to know where the ePHI is located in order to protect it  Take every precaution possible to protect ePHI

30 QUESTIONS?

