HIPAA Security Tip: Understand Your Data Flow
Increase security and take the pain out of HIPAA compliance.This article is an excerpt from our ebook, 5 Healthcare Security Lessons From the Field. To download your free copy of the complete ebook, click here.
With over 10 years of security assessment and audit experience, we have seen wide ranges of network environment complexity, IT staff experience, and executive team support. One consistency in the overwhelming majority of our assessments are deficiencies in data security, even in well-established organizations employing experienced IT staff.
Here is just one of the many lessons we’ve learned from the most commonly overlooked security errors we see in healthcare organizations. Learning about, identifying, and resolving these security mishaps in your organization will not only increase your security, but also help you take the pain out of the HIPAA compliance process.
Understand your data flowIn order to protect your patient data you must understand the flow of protected health information (PHI) throughout your network. Your PHI flow includes where PHI enters, moves, and is stored in your system.
From the fieldA lack of communication between departments can lead to not understanding your data flow, which often creates security and compliance issues.
During an onsite interview with customer service representatives, we discovered they were recording PHI in notebooks or Excel spreadsheets for future reference. These new copies of PHI were not protected or encrypted in any way. In fact, one representative showed us her desk drawer with dozens of notebooks filled with PHI. Not only is unencrypted PHI a HIPAA violation and security issue, but the fact that the organization was unaware of this practice is a big problem.
Take the pain out of HIPAA compliance
|Example of a simple flow diagram|
Want more tips? Download your free copy of the complete ebook here.