Your reputation is at stake: a single stolen, unencrypted laptop containing protected health information (PHI) constitutes a breach, forcing you to publicly disclose it to the affected patients and, depending on how many individuals are affected, on your website and through the mass media.
“If providers take steps to properly encrypt desktops and laptops they may be able to take advantage of the ‘safe harbor’ provision within the regulation.” – Dan Jackson, Senior Security Engineer, VCPI
Protect your reputation now:
Appoint a HIPAA Compliance Officer, if you do not already have one, who is trained in and well-versed in HIPAA compliance and the HITECH Act.
Incorporate the Breach Notification Standards into your existing HIPAA compliance program.
Inventory every asset on which PHI resides, including USB drives, portable devices (PDAs, cell phones, etc.), and all other mobile media.
Inventory every role and person that handles or shares PHI, in any form: paper, email, text message, voice, fax, etc.
Reduce the number of roles, people, and assets that require PHI to the bare minimum.
Assign people to those roles and enforce access to PHI electronically by role, so that each role can reach only the PHI it actually needs.
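The last two steps amount to deny-by-default, role-based access control over PHI. The following is an added illustrative example, not code from the original page or from VCPI; the role names, field names, user accounts and patient record are all invented for the demonstration. It shows a policy in which any (field, action) pair not explicitly granted to a role is denied, a view function that strips every field the caller's role may not read, and an audit trail that records denials as well as grants.

```python
"""Deny-by-default role-based access control over PHI fields.

Added example, not the page's or any vendor's code. Roles, fields,
users and the sample record below are constructed for illustration.
"""
from dataclasses import dataclass, field
from datetime import datetime, timezone

# Policy: role -> set of (field, action) pairs that the role is GRANTED.
# Anything absent from this map is denied; there is no wildcard.
POLICY = {
    "billing_clerk": {
        ("patient_id", "read"), ("name", "read"), ("insurance_id", "read"),
    },
    "nurse": {
        ("patient_id", "read"), ("name", "read"),
        ("diagnosis", "read"), ("diagnosis", "write"),
    },
    # Support staff have accounts but no PHI entitlements at all.
    "it_support": set(),
}

# User -> single role. A user with no assignment has no access.
ASSIGNMENTS = {"alice": "nurse", "bob": "billing_clerk", "carol": "it_support"}


@dataclass
class AuditLog:
    """In-memory audit trail; a real deployment would write this elsewhere."""
    entries: list = field(default_factory=list)

    def record(self, user, role, fld, action, allowed):
        self.entries.append({
            "ts": datetime.now(timezone.utc).isoformat(),
            "user": user, "role": role, "field": fld,
            "action": action, "allowed": allowed,
        })

    def denials(self):
        return [e for e in self.entries if not e["allowed"]]


def is_allowed(user, fld, action, log=None):
    """Return True only if the user's role was explicitly granted (fld, action)."""
    role = ASSIGNMENTS.get(user)
    allowed = role is not None and (fld, action) in POLICY.get(role, set())
    if log is not None:
        log.record(user, role, fld, action, allowed)
    return allowed


def view_record(user, record, log=None):
    """Return a copy of the record containing only fields the user may read."""
    return {k: v for k, v in record.items() if is_allowed(user, k, "read", log)}


# Constructed sample record (not real PHI).
SAMPLE_RECORD = {
    "patient_id": "P-0001",
    "name": "Example Patient",
    "insurance_id": "INS-12345",
    "diagnosis": "example diagnosis",
}


if __name__ == "__main__":
    log = AuditLog()
    for user in ("alice", "bob", "carol", "mallory"):
        print(user, view_record(user, SAMPLE_RECORD, log))
    print("denied attempts:", len(log.denials()))
```

Because the policy is a grant list rather than a block list, adding a new field to a record automatically hides it from every role until someone deliberately grants it, which is the behaviour you want when the inventory in the steps above turns up PHI in a place nobody expected.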