LEGAL UPDATE
Lani M. Dornfeld, JD
New HIPAA Rules Protect Patients' Electronic Data
10 steps to safeguard exchanges on the web.
SECURED SYSTEM Make sure your facility's patient data, and the devices it is stored on and accessed through, are protected against breach and loss.

Later this month, updates to HIPAA's rules governing electronic protected health information, or "ePHI," go into effect. The rules govern data that's transmitted by electronic means (such as via e-mail, text message or another method of data transfer) or maintained in electronic media (such as laptops, tablets, smartphones or portable storage devices such as hard drives or USB flash drives). One of the primary compliance issues that you face is your surgeons' and staff's use of email, text messages and portable electronic devices when creating, sending and receiving patient information. The HHS's IT website (healthit.gov) offers these 10 steps to guard against a breach of unsecured patient information:
1. Use a password or other authentication method to verify the identity of the user, process or device. Configure your mobile devices to demand passwords, personal identification numbers or passcodes before they allow access. Also configure them to activate a self-locking function after a set period of device inactivity to prevent unauthorized access or viewing.
2. Install and enable data encryption. This will protect health information stored on mobile devices. This is one way to render information "unusable, unreadable or indecipherable to unauthorized persons," as
OUTPATIENT SURGERY MAGAZINE ONLINE | SEPTEMBER 2013