Data Privacy Checklist for Healthcare & Human Services Providers

Posted by George Ritacco on May 12, 2014 4:22:00 PM


What Is Data Privacy?

Patients have legitimate reasons for wanting child welfare, medical and other health-related information to be kept private. This information might affect their insurance coverage or employment situation, or may be considered embarrassing in their personal life.

Areas of concern for privacy in healthcare and human services include:

  • Informational: The degree of control over personal information
  • Physical: The degree of physical inaccessibility to others  

Doctor/Patient privilege exists in many areas of healthcare, while patient data privacy is protected by law in the United States under both the Health Insurance Portability and Accountability Act (HIPAA) and Health Information Technology for Economic & Clinical Health Act (HITECH).  

What Is Personal Information? 

Personal information is any information that can be used to easily identify an individual. This is usually considered to be first and last name (or first initial and last name) in combination with additional identifying information such as a Social Security Number, Driver's License or ID card number, or similar. Personal Health Information (PHI) is everything listed above in combination with health record information.

Data Privacy Checklist

Does your organization's client or patient data meet United States data privacy requirements?  If your data privacy systems fail any of these tests, it’s time to do something about it.

Use our simple checklist to find out:

  • Policies:
    • What are your IT Security & Data Privacy Policies?
    • Do you have an IT Security Program that meets or exceeds the minimum requirements outlined by the Health Insurance Portability and Accountability Act (HIPAA)?
    • Are your policies communicated regularly to your staff?
    • Are you familiar with international ISO security standards such as ISO 27001?

  • People:
    • Do you or your solution providers have dedicated staff with an in-depth knowledge of the data privacy requirements of HIPAA?
    • Are all staff who handle sensitive data included in IT Security or Data Privacy training?
    • Do you have procedures to ensure former employees no longer have access to sensitive information?

  • Access Controls:
    • Is access to sensitive client data restricted to the correct personnel by way of passwords and physical access controls?
    • Do you create and maintain security "groups" based on the user's role?

  • Data Encryption: Most electronic health records are not only stored locally, but also off site on backup servers or cloud-based solutions.
    • Are locally stored hard drives (such as backup and storage) encrypted?
    • Is your data encrypted while it is in transit or accessible online?

  • Data Security:
    • Do you have staff assigned to Data Security roles?
    • Do your staff receive regular training to keep them informed of technical and legal changes?
    • Do you have guidelines for laptops, portable storage, smartphones and other removable devices?
    • Are computers and programs password protected, with an individual password for each user?
    • Are your systems regularly penetration tested to find weaknesses before an attacker does?

  • 24/7 Monitoring:
    • Do you have procedures that automatically monitor and log all access to data and flag suspicious activity or access?

  • Notification of Breaches:
    • Does your system notify you of security breaches, and do you have an incident response plan as required under the Health Information Technology for Economic & Clinical Health Act (HITECH)?

  • Disaster Recovery:
    • What happens when it all goes wrong?
    • What systems do you have in place in the event of a natural disaster such as an earthquake, hurricane or wildfire?
    • How will you ensure that regular, business-as-usual service resumes as quickly as possible?

  • Location:
    • Where is your data stored?
    • Is it in the United States or overseas? Overseas data may not be protected by United States privacy laws and could be subject to privacy breaches, spying, or worse.
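As an added example that is not part of the original post, the following Python sketch ties the Access Controls and 24/7 Monitoring items together: role-based security groups decide who may read which parts of a patient record, every decision is written to an audit trail (including a read attempted by a deprovisioned former employee), and a review pass over that trail flags after-hours access, repeated denials and unusually broad record browsing. The roles, record sections, thresholds and every event in the scenario are constructed assumptions, not the API or policy of any product.

```python
# Added example, not code from the original post: role-based access to patient
# records with an audit trail and a review pass that flags suspicious access.
# Roles, field names, thresholds and all events below are constructed.
from collections import Counter, defaultdict
from dataclasses import dataclass, field
from datetime import datetime, time
from typing import Dict, List, Set

# Security "group" (role) -> record sections that role may read (assumed policy).
ROLE_PERMISSIONS: Dict[str, Set[str]] = {
    "physician": {"demographics", "diagnoses", "medications", "notes"},
    "nurse": {"demographics", "medications", "notes"},
    "billing": {"demographics", "diagnoses"},
    "front_desk": {"demographics"},
}


@dataclass
class Directory:
    """User -> role membership. Deprovisioning a user revokes every permission."""
    groups: Dict[str, str] = field(default_factory=dict)

    def deprovision(self, user: str) -> None:
        self.groups.pop(user, None)


@dataclass
class AccessEvent:
    ts: datetime
    user: str
    patient_id: str
    fields: Set[str]
    allowed: bool
    reason: str


class RecordGateway:
    """Every read request passes through here, so every decision is logged."""

    def __init__(self, directory: Directory) -> None:
        self.directory = directory
        self.audit: List[AccessEvent] = []

    def read(self, user: str, patient_id: str, requested: Set[str], now: datetime) -> bool:
        role = self.directory.groups.get(user)
        if role is None:
            allowed, reason = False, "no role: unknown or deprovisioned user"
        else:
            missing = set(requested) - ROLE_PERMISSIONS[role]
            if missing:
                allowed, reason = False, f"role {role} may not read {sorted(missing)}"
            else:
                allowed, reason = True, f"permitted by role {role}"
        self.audit.append(AccessEvent(now, user, patient_id, set(requested), allowed, reason))
        return allowed


def flag_suspicious(audit: List[AccessEvent], max_patients_per_day: int = 20,
                    business_hours=(time(7), time(19))) -> Dict[str, List[str]]:
    """Review the audit trail; return user -> list of human-readable flags."""
    flags: Dict[str, List[str]] = defaultdict(list)
    per_user_day: Dict[tuple, Set[str]] = defaultdict(set)
    for e in audit:
        per_user_day[(e.user, e.ts.date())].add(e.patient_id)
        # Permitted reads outside business hours still deserve a second look.
        if e.allowed and not (business_hours[0] <= e.ts.time() < business_hours[1]):
            flags[e.user].append(f"after-hours access to {e.patient_id} at {e.ts.isoformat()}")
    # Repeated denials suggest someone probing beyond their role.
    for user, n in Counter(e.user for e in audit if not e.allowed).items():
        if n >= 3:
            flags[user].append(f"{n} denied attempts")
    # Touching far more patients than a normal shift needs is a classic snooping sign.
    for (user, day), patients in per_user_day.items():
        if len(patients) > max_patients_per_day:
            flags[user].append(f"{len(patients)} distinct patients on {day}")
    return dict(flags)


def run_demo():
    """Constructed scenario covering each checklist item; returns gateway and flags."""
    directory = Directory({"dr_smith": "physician", "j_doe": "front_desk", "ex_nurse": "nurse"})
    gw = RecordGateway(directory)
    day = datetime(2014, 5, 12)
    gw.read("dr_smith", "P-1001", {"diagnoses", "notes"}, day.replace(hour=9))   # allowed
    for hour in (10, 11, 12):                                                     # denied x3
        gw.read("j_doe", "P-1001", {"diagnoses"}, day.replace(hour=hour))
    directory.deprovision("ex_nurse")                                             # offboarding
    gw.read("ex_nurse", "P-1002", {"medications"}, day.replace(hour=13))          # denied
    for i in range(25):                                                           # 2 AM browsing
        gw.read("dr_smith", f"P-{2000 + i}", {"demographics"}, day.replace(hour=2, minute=i))
    return gw, flag_suspicious(gw.audit)


if __name__ == "__main__":
    gateway, suspicious = run_demo()
    for event in gateway.audit[:5]:
        print(event.ts.time(), event.user, event.patient_id,
              "ALLOW" if event.allowed else "DENY", event.reason)
    for user, items in suspicious.items():
        print(user, "->", len(items), "flag(s); first:", items[0])
```

The point of routing every read through one gateway is that the audit trail is complete by construction, which is what makes the review pass meaningful; in the scenario, the physician's reads are all permitted by role, yet the after-hours timing and the volume of distinct patients are what surface them for review.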

Topics: Special Reports, FAMCare Tips and Tools, Technology Speak
