Increase security and take the pain out of HIPAA compliance.

This article is an excerpt from our ebook, 5 Healthcare Security Lessons From the Field. To download your free copy of the complete ebook, click here.

With over 10 years of security assessment and audit experience, we have seen wide ranges of network environment complexity, IT staff experience, and executive team support. One consistency in the overwhelming majority of our assessments are deficiencies in data security, even in well-established organizations employing experienced IT staff.


Here is just one of the many lessons we’ve learned from the most commonly overlooked security errors we see in healthcare organizations. Learning about, identifying, and resolving these security mishaps in your organization will not only increase your security, but also help you take the pain out of the HIPAA compliance process.

Understand your data flow

In order to protect your patient data you must understand the flow of protected health information (PHI) throughout your network. Your PHI flow includes where PHI enters, moves, and is stored in your system.

From the field

A lack of communication between departments can lead to not understanding your data flow, which often creates security and compliance issues.

During an onsite interview with customer service representatives, we discovered they were recording PHI in notebooks or Excel spreadsheets for future reference. These new copies of PHI were not protected or encrypted in any way. In fact, one representative showed us her desk drawer with dozens of notebooks filled with PHI. Not only is unencrypted PHI a HIPAA violation and security issue, but the fact that the organization was unaware of this practice is a big problem.


Take the pain out of HIPAA compliance

Example of a simple flow diagram
Fully understanding where PHI resides takes a lot of interdepartmental communication. Consult with all departments and individuals that collect, enter, store, transmit, or interact with PHI and create a PHI flow diagram based on your findings. (see picture) This exercise will assist in conducting a thorough risk analysis and identify where to focus security measures at your organization to adequately protect PHI.

Want more tips? Download your free copy of the complete ebook here.