Promote the importance of maintaining HIPAA Compliant
How easily HIPAA can be considered breached or violated:
- If HIPAA security rule is not followed you may be subject to large fines, lawsuits, and potential jail time
- There are many little things that could potentially create a large issue
Three Safeguards and how they are implemented with HIPAA Video’s platform and provider’s practice
- Physicians are able to sign notes and be able to have to access to everything
- NP can’t change certain notes or alter or destroy protected health information
- Assistant Controls
- How this applies and works with clinics and other facilities
- Showing providers and healthcare organizations how committed HIPAA Video is to helping their practices maintain HIPAA compliance and not risking malpractices lawsuits, breaches, or violations
- Recommendation: Requirement for the password to be changed every three months
- Have something that states the importance of how the HIPAA security rule relates to passwords
- Who has access to and can log in into account
- Who has access to passwords?
- What if a device becomes lost or stolen?
- All of this data can be breached
- Not saving the password on auto-save, so you are able to login in without typing out information
- Secured workstations
- Any device
- Cellphone, personal laptop, desktop, etc.
- Opens a window to a security breach
- Right now this is not secure
- Secure lock screen
- Corner of the screen (click it)
- Then re-click button when back to the workstation (lobby)
- Type in a pin, passcode, facial recognition, Google push duo
- Integrity Controls
- Patient notes
- In order to maintain the integrity of patient records, health data should not be destroyed or altered in any unauthorized way
- Ie. The patient said to Dr. complained of chest pains, Dr. prescribed medicine and was the wrong prescription. The patient passed away, and family files lawsuit.
- Dr. can edit notes
- They are not signed
- How are they being signed?
- Are they time stamped?
- Access controls
- End to end encryption
- Audit controls
- Two-step authentication
- Biometrics, facial recognition, codes
- The use of a certified electronic health record technology (CEHRT) does not mean the practice or organization is compliance with HIPAA
- Security functions in CEHRT may be turned off, which can create vulnerabilities
- These can be counterintuitive to the Privacy and Security Rule
- Promote the use of anti-virus
- Promote using different passwords that are commonly used by the provider