Aug 24, 2021 | Live Compliance, Partner
There are many benefits to smartphones in the healthcare industry, however, there is also huge potential for HIPAA violations of patient privacy to be violated. It’s important to know what risk is associated with smartphones and other mobile devices.
CISA, or Cybersecurity and Infrastructure Security Agency, says “Mobile apps may gather information from your mobile device for legitimate purposes, but these tools may also put your privacy at risk.”
So, what are the risks associated with mobile device applications?
Apps are a convenient tool to access the news, get directions, or pick up rideshare, but these tools may also put your privacy at risk.
CISA says, when you download an app, it may ask for permission to access personal information—such as email contacts, calendar inputs, call logs, and location data—from your device. CISA goes on to say, “You should be aware that app developers will have access to this information and may share it with third parties, such as companies who develop targeted ads based on your location and interests.”
How can you avoid malicious apps and limit the information apps collect about you?
First, it’s helpful to reiterate that employee devices are for work purposes only. Therefore, applications on your workplace devices, including mobile devices must be approved by your Supervisor and must follow device guidelines set in place by your organization.
Employees must refrain from downloading, installing, and using apps such as social media platforms. Therefore, employees should refrain from posting, commenting, or sharing patient information on social media including patient names, photos, and descriptors that would identify the patient.
What steps can you take to secure data on your mobile devices?
- When using a public or unsecured wireless connection, avoid using apps and websites that require personal information and turn off Bluetooth.
- Avoid connecting your smartphone to any computer or charging station that you do not control. Charging stations are often found at transportation terminals and are not secure! Connecting a device to a computer using a USB cable can allow software running on that computer to interact with the phone.
- Do not leave your device unattended in public or in easily accessible areas.
- Ensure your device requires a password or biometric identifier to access it, so if is stolen, thieves will have limited access to its data.
If your device is stolen or misplaced, first, contact your IT administrator, supervisor, and/or designated HIPAA Security Officer immediately and notify them of the situation for immediate next steps. In general, it’s advised to, follow your organization’s Incident Response Policy immediately.
At Live Compliance, we make checking off your compliance requirements extremely simple.
-
- Contact-free, accurate Security Risk Assessments are conducted remotely. All devices are thoroughly analyzed regardless of location. Conducting an accurate and thorough Security Risk Assessment is not only required but is a useful tool to expose potential vulnerabilities, including those such as Password Protection.
- Policies and Procedures are curated to fit your organization ensuring employees are updated on all Workstation Use and Security Safeguards in the office, or out. Update in real-time.
- Electronic, prepared document sending and signing to employees and business associates.
Call us at (980) 999-1585 or visit www.LiveCompliance.com.
ABOUT EZCLAIM:
As a medical billing expert, EZClaim can help the medical practice improve its revenues since it is a medical billing and scheduling software company. EZClaim provides a best-in-class product, with correspondingly exceptional service and support. Combined, EZClaim helps improve medical billing revenues. To learn more, visit EZClaim’s website, email them, or call them today at 877.650.0904.
[ Contribution from the marketing team at Live Compliance ]
Jul 27, 2021 | HIPAA, Live Compliance, Partner
HIPAA Social Media Do’s and Don’ts in Healthcare
There are many benefits to social media in the healthcare industry, however, there is also huge potential for HIPAA violations of patient privacy to be violated on social media networks. The Privacy Rule protects All “individually identifiable health information” held or transmitted by a covered entity or its business associate, in any form or media, whether electronic, paper or oral. The Privacy Rule calls this information “protected health information (PHI).”
Did you know that more than 71% of recorded data breaches in the healthcare industry are attributable to employee actions?
The most important rule is to never share Protected Health Information or Personally Identifiable Information on social media. Social media may include personal blogs and other websites, including Facebook, LinkedIn, Twitter, YouTube, or others of the like.
A few common identifiers include but are not limited to:
-
- demographic data
- medical histories
- test results
- insurance information
- and other information used to identify a patient or provide healthcare services or healthcare coverage.
What is a breach and what can I do to avoid it?
A breach is, generally, an impermissible use or disclosure under the Privacy Rule that compromises the security or privacy of the protected health information. This means employees should refrain from posting, commenting, or sharing patient information on social media including patient names, photos, and descriptors that would identify the patient.
What is considered identifiable information?
The most common social media HIPAA violations include:
-
- Posting of images and videos of patients without written consent
- Posting of gossip about patients
- Posting of any information that could allow an individual to be identified
- Sharing of photographs or images taken inside a healthcare facility in which patients or PHI are visible
- Sharing of photos, videos, or text on social media platforms within a private group
“Friending” patients on social media websites is also strongly discouraged. This can lead to accidental identifying of patients, especially if your place of work is listed in your profile and accidental ‘discussion’ about the patient’s care. Therefore, employees in inpatient care roles generally should not initiate or accept friend requests. Do not enter into social media discussions with patients who have disclosed PHI on social media.
Employees should also refrain from messaging or texting PHI or PII on social media or messaging applications not approved by your organization. In general, no personally identifiable health information should be sent in any manner which does not ensure communication encryption in transit and at rest.
So, what do you do if you think you may have exposed a patient’s protected health information or personally identifiable information?
In general, it’s advised to, follow your organization’s Incident Response Policy immediately and notify your supervisor and/or designated HIPAA Security Officer for immediate next steps.
At Live Compliance, we make checking off your compliance requirements extremely simple.
-
- Reliable and Effective Compliance
- Completely online, our role-based courses make training easy for remote or in-office employees.
- Contact-free, accurate Security Risk Assessments are conducted remotely. All devices are thoroughly analyzed regardless of location. Conducting an accurate and thorough Security Risk Assessment is not only required but is a useful tool to expose potential vulnerabilities.
- Policies and Procedures are curated to fit your organization ensuring employees are updated on all Workstation Use and Security Safeguards in the office, or out. Update in real-time.
- Electronic, prepared document sending and signing to employees and business associates.
Don’t risk your company’s future, especially when we are offering a free Organization Assessment to help determine your company’s status. Call us at (980) 999-1585, or email me, Jim Johnson at Jim@LiveCompliance.com or visit www.LiveCompliance.com
For more information about DarkWeb breaches please contact us at (980) 999-1585 or email us at support@livecompliance.com
ABOUT EZCLAIM:
As a medical billing expert, EZClaim can help the medical practice improve its revenues since it is a medical billing and scheduling software company. EZClaim provides a best-in-class product, with correspondingly exceptional service and support. Combined, EZClaim helps improve medical billing revenues. To learn more, visit EZClaim’s website, email them, or call them today at 877.650.0904.