Tuesday, March 3, 2015
Monday, January 12, 2015
Should the laptop or device become misplaced or stolen, the data contained on its encrypted drive is completely inaccessible without the associated encryption key. This extra level of protection prevents unauthorized users from accessing sensitive information. It also means that organizations are not required to notify those whose ePHI is contained on the device should it be misplaced.
In October 2014, a Northwestern Memorial HealthCare laptop computer that was not protected with disk encryption was stolen from an employee’s vehicle. In accordance with the HIPAA Breach Notification Rule, Northwestern Memorial was required to notify the 2,800 patients whose ePHI was contained on the computer (Read more). Breaches such as this can be easily avoided through the encryption of device hard drives.
Please contact LaSalle Consulting Partners to find out how we can help you develop and implement policies that help safeguard ePHI, even away from the office.
Monday, October 27, 2014
Peripheral devices are devices on your network other than your computers and servers. These include devices such as printers, multi-function copiers, scanners, tablets, and mobile phones. If any of these devices are used to store or process sensitive information, and contain a hard drive or other form of memory, then your organization may be vulnerable to a security breach.
Wednesday, June 18, 2014
The number of staff that work from home has continued to increase at benefit fund offices as it has with many other organizations. While this can be beneficial for both the Fund office and the remote worker, it also poses HIPAA related security concerns. Lack of security in the home computer environment can lead to a fund office network breach and/or unauthorized access to electronic personal health information (“ePHI”).
Without proper policies and security in place the following can occur:
- Lack of a firewall or an improperly configured DSL or cable modem could allow unauthorized access by a hacker to the home worker’s computer. Once the hacker has gained access to the computer they could possibly use the connection to access the fund office network.
- Depending on the security in effect, it may be difficult to prevent a home worker from copying files from the fund office network to the home worker’s PC. If there is any possibility of this happening, the home worker’s computer should be encrypted similar to the PC encryption at the fund office. This would help prevent unauthorized access to ePHI if the computer were to be stolen.
- Lack of sufficient and up to date Microsoft security patches could allow unauthorized access by a hacker to a home workers computer. Once the hacker has gained access to the computer they could possibly use the connection to access the Fund office network.
LaSalle Consulting Partners can help you develop and implement policies that help safeguard ePHI. Please contact me at 312-361-3313 if we can be of help.
Tuesday, March 18, 2014
“Burden in this context means the time expended by persons
to generate, maintain, retain, disclose or provide the information requested.
This includes the time needed to review instructions, to develop, acquire,
install and utilize technology and systems for the purpose of collecting,
validating and verifying information, processing and maintaining information,
and disclosing and providing information, to train personnel and to be able to
respond to a collection of information, to search data sources, to complete and
review the collection of information, and to transmit or otherwise disclose the
Friday, January 24, 2014
Thursday, October 10, 2013