Promote the importance of maintaining HIPAA compliance

How easily HIPAA can be considered breached or violated:

  • If the HIPAA Security Rule is not followed, you may be subject to large fines, lawsuits, and potential jail time
  • There are many little things that could potentially create a large issue

Three safeguards and how they are implemented with HIPAA Video’s platform and the provider’s practice

1. Administrative

2. Physical

3. Technical

1. Administrative

Access levels:

  • Physicians are able to sign notes and have access to everything
  • NPs can’t change certain notes or alter or destroy protected health information
  • Assistant Controls
  • How this applies and works with clinics and other facilities
    • Showing providers and healthcare organizations how committed HIPAA Video is to helping their practices maintain HIPAA compliance and avoid the risk of malpractice lawsuits, breaches, or violations
    • Passwords
  • Recommendation: Requirement for the password to be changed every three months
  • Have something that states the importance of how the HIPAA security rule relates to passwords
    • Who has access to the account and can log in to it?
    • Who has access to passwords?
    • What if a device becomes lost or stolen?
    • All of this data can be breached
    • Not saving the password with auto-save, which lets you log in without typing out the information

2. Physical

  • Secured workstations
  • Any device
    • Cellphone, personal laptop, desktop, etc.
    • Opens a window to a security breach
    • Right now this is not secure
  • Secure lock screen
    • Corner of the screen (click it)
    • Then re-click button when back to the workstation (lobby)
    • Type in a PIN, passcode, facial recognition, Google push duo
  • Integrity Controls
    • Patient notes
    • In order to maintain the integrity of patient records, health data should not be destroyed or altered in any unauthorized way
      • E.g., the patient complained to the doctor of chest pains; the doctor prescribed medicine, and it was the wrong prescription. The patient passed away, and the family files a lawsuit.
      • Dr. can edit notes
      • They are not signed
        • How are they being signed?
        • Are they time stamped?

3. Technical

  • Access controls
  • End to end encryption
  • Audit controls
  • Two-step authentication
    • Biometrics, facial recognition, codes
  • The use of certified electronic health record technology (CEHRT) does not mean the practice or organization is in compliance with HIPAA
    • Security functions in CEHRT may be turned off, which can create vulnerabilities
    • These can be counterintuitive to the Privacy and Security Rule
  • Promote the use of anti-virus
  • Promote using passwords that are different from the ones commonly used by the provider