Healthcare in the Age of Data
How to Secure PHI at a Small Allied Health Practice

To secure your patient's protected health information (PHI) and comply with HIPAA New browser window icon. standards, you'll have to routinely practice strong data security habits on a daily basis. That's easier said than done.

In other articles on this website, we've gone over the organization-wide strategies your small medical practice needs to implement to be HIPAA compliant (see, "15 Things HIPAA Privacy Rules Mean for Your Business"). In this article, we'll focus on the small-scale tactics. Here are few things your employees can do each day that will help you prevent a data breach and HIPAA violation.

HIPAA Compliance: Dos and Don'ts of Securing PHI

HIPAA Compliance: Dos and Don'ts of Securing PHI

At a small medical practice, each individual nurse, therapist, doctor, or staff member needs to be on the same page when it comes to data security.

The small size of your practice means you might not have the staff to double-check everyone's work and probably don't have the IT budget to buy high-end HIPAA compliant software. To compensate, you'll need to focus more on educating your employees on HIPAA best practices and securing your data security by taking these basic steps:

  1. Follow best practices for passwords and login IDs. Your employees need to have unique passwords and logins for their work accounts. They can't use the same password for their network account that they use for their Facebook account. Why do they need unique logins? If hackers break into an employee's personal account, the breach could give them access to your business's network if they use the same login information.
  2. Never email PHI or share data using non-HIPAA compliant technology. Some email providers aren't HIPAA compliant because they don't offer adequate encryption. If another party needs a patient record, send it using HIPAA compliant email or file sharing.
  3. Backup PHI data. Don't forget that part of HIPAA compliance will mean protecting data from loss and accidental deletion. Before you sign up for a cloud-based data backup, check to see if the data is always encrypted on its servers (even while passing between servers). You should be backing up your data every day, but as with all healthcare IT, make sure it's HIPAA compliant.
  4. Take extra precautions when traveling with laptops and mobile devices. Redspin reports [PDF] New browser window icon. that the most common cause of HIPAA data breach is a stolen or lost device, accounting for 35 percent of all breaches. While cyber criminals pose a threat, make sure your employee understand that physical theft is also significant risk. Leaving a laptop in the backseat of a car is not only ill-advised, but it can lead to an expensive HIPAA fine.

While these basic dos and don'ts can help your employees avoid costly HIPAA violations, you will also have to invest in antivirus software, upgrade your computers, and take other measures to improve the security of your IT. For general recommendations on improving your business's IT security, read this Data Security Education Packet New browser window icon. posted by our sister site TechInsurance.

Teach Your Employees about Data Security and HIPAA Privacy Rules

Teach Your Employees about Data Security and HIPAA Privacy Rules

In order for your employees to understand the importance of HIPAA privacy rules, try taking an unconventional approach: emphasize the cost of a HIPAA violation.

Explain to your employees that HIPAA violations can lead to million-dollar penalties from the Department of Health and Human Services. Use specific examples to highlight how simple oversights could lead to costly breaches. For example:

  • An Arkansas health insurance provider was fined $250,000 New browser window icon. after a laptop was stolen from an employee's car. The computer only had 148 PHI records on it, but the provider was fined heavily for not taking adequate steps to encrypt this data and prevent laptop theft.
  • A Massachusetts Dermatology practice had to pay a $150,000 fine New browser window icon. after a thumb drive containing 2,200 records was stolen from an employee's car.

Once employees understand that they play a key role in preventing HIPAA fines and saving the business from a costly penalty, they'll be onboard. Educating your employees about actively protecting data security will help your business execute HIPAA best practices on a day-to-day basis.

Customer Rating 4.9 out of 5
Read Customer Reviews

Grab-n-Go Information

Free eBook
HIPAA, Social Media, and Technology: A Guide for Mental Health Professionals
Browse eBook
Sample certificates
See a sample Certificate of Liability Insurance, the proof of coverage you need for most contracts.
View Sample
Sample Quotes & Cost Estimates
See what insurance really costs: actual quotes by policy & specialty.
Get Estimates
Ask A Question
Submit your questions about small business insurance and get answers from our experts.
Read Answers