Securing Protected Health Information (PHI) is becomes increasingly important for hospitals and other health care facilities. Medical fraud is increasing and the consequences of regulatory non-compliance and the exposure of PHI have become real fiscal problems for many organizations. So how does a hospital protect itself, the three tips below provide a good starting point.
Abstracted from A glimpse inside the $234 billion world of medical fraud, Government Health IT - February 08, 2012 | Rick Kam, President and CEO, ID Experts and Christine Arevalo, director of healthcare identity management, ID Experts
Three tips for protecting patient data
Preparation is the best defense for mitigating the chances of a data breach and the costly consequences of medical identity theft. To start preparing now, we recommend that healthcare organizations:
- Take an inventory of PHI/PII. An inventory provides a complete accounting of every element of personally identifiable information (PII) and PHI that an organization holds, in either paper or electronic format. It helps determine how an organization collects, uses, stores and disposes of its PHI. By revealing the risks for a data breach, a PHI inventory helps an organization protect PHI data and best plan for a response based on real information.
- Develop an Incident Response Plan (IRP). An IRP is an effective, cost-efficient means for helping organizations meet HIPAA and HITECH requirements and develop guidelines related to data breach incidents. The IRP designates roles and provides guidelines for the response team's responsibilities and actions.
- Review contracts and agreements with business associates. Business associates are a growing cause of data breaches. These contracts authorize and define business associates' use of the PHI they share with healthcare providers. Keeping these contracts up-to-date demonstrates compliance to regulators and helps maintain consistency in how PHI is managed in a healthcare ecosystem.
