Electronic Communication In Your Practice. How To Use & Mobile Devices While Maintaining Compliance & Security

Transcription

1 Electronic Communication In Your Practice How To Use & Mobile Devices While Maintaining Compliance & Security

2 Agenda 1 HIPAA and Electronic Communication Using In Your Practice Mobile This is Device an example Usage text. In Go Your ahead Practice and replace it Summary 5 Q & A 6 Fill Out Information Request Forms

3 HIPAA Compliant Can Be Used To Communicate With Patients? Yes but 1. Strong Security 2. Consent 3. Business Associate Agreement (BAA)

4 HIPAA Compliant How Does Work?

5 HIPAA Compliant There Are Several Options Choose Wisely. General Encrypted Options: 1. is encrypted and sent to recipient (key needed) 2. is encrypted and sent to webmail 3. is encrypted and sent to recipient (key NOT needed)

6 HIPAA Compliant 5 Strategies For Achieving HIPAA Compliant 1. Notify or Warn Your Patients 2. Document Patient s Consent 3. Use an EHR with a Patient Portal 4. Consider a HIPAA Compliant Solution 5. Manually Encrypt Transmitted Files

7 Mobile Devices Mobile Device Usage Is On The Rise

8 Mobile Devices Risks To Health Information

9 Mobile Devices Health Information When Using a Mobile Device

10 Mobile Devices Tips Mobile To Devices: Protect Tips & Secure to Health Information Protect and Secure Health Information Use Use a password a password or other other user user authentication. authentication. Keep security software up to date. Install Install and and enable enable encryption. encryption. Install Install and and activate activate wiping wiping and/or remote remote disabling. Disable and do not install file- Disable sharing and applications. do not install file- sharing applications. Install and enable a firewall. Install and enable a firewall. Install and enable security software. Install and enable security software. Research mobile applications (apps) before before downloading. downloading. Maintain physical control of your mobile device. mobile device. Use adequate security to send or receive health information over public Wi-Fi public networks. Wi-Fi networks. Delete all stored health information Delete before all discarding stored health or reusing information the before mobile discarding device. or reusing the mobile device.

11 Mobile Devices Your Practice s Policies and Procedures

12 Mobile Devices 5 Steps To Managing Mobile Devices 1.) DECIDE Decide whether mobile devices will be used to access, receive, transmit, or store patients health information or be used as part of the organization s internal networks or systems (e.g., your EHR system). 2.) ASSESS Consider how mobile devices affect the risks (threats and vulnerabilities) to the health information the organization holds. 3.) IDENTIFY Identify the organization s mobile device risk management strategy, including privacy and security safeguards. 4.) DEVELOP, DOCUMENT, and IMPLEMENT Develop, document, and implement the organization s mobile device policies and procedures to safeguard health information 5.) TRAIN Conduct mobile device privacy and security awareness and training for providers and professionals.

13 Mobile Devices What To Avoid Sharing your mobile device password or user authentication Allowing the use of your mobile device by unauthorized users Storing or sending unencrypted health information with your mobile device Ignoring mobile device security software updates Downloading applications (apps) without verifying they are from a trusted source Leaving your mobile device unattended Using an unsecured Wi-Fi network Discarding your mobile device without first deleting all stored information Ignoring your organization s mobile device policies and procedures

14 SUMMARY HIPAA Compliant communications are permitted, but you must take precautions; It is a good idea to warn patients about the risks of using that includes patient health information (PHI); Providers should be prepared to use for certain communications, if requested by the patient, but must ensure they are not exposing information the patient does not want shared; and Providers must take steps to protect the integrity of information and protect information shared over open networks.

15 SUMMARY Mobile Device Managment Mobile devices can be a great productivity tool The risks are very different Use mobile devices with extreme care 11 tips for protecting and securing PHI on mobile devices You must have written policies and procedures to address mobile device usage within your practice 5 steps to managing mobile devices What to avoid

16 Thank You! Questions? Contact