11/14/2013
Reviewing a typical doctor's office visit shows the physical safeguards in action. First, the objective is to limit and control access to every area where PHI is handled or stored. Facility access controls can include door locks, electronic access badges and video surveillance. Physical safeguards also cover the placement of monitors relative to foot traffic and to the patient: only the physician or designated employees should be able to view a screen, so monitor placement needs careful consideration, and privacy screens help limit unauthorized viewing of what is displayed. The patient check-in line and the bill-paying station should likewise be positioned so that conversations are masked from other waiting patients and visitors.
Technical safeguards are an area of growing importance for healthcare providers seeking compliance. Technical security measures include access controls that allow authorized users to reach only the minimum necessary information needed to perform their job functions. Assigning each user a unique user ID, so that every action can be tied to a specific person, and configuring automatic logoff after a set period of idle time are two further areas of technical compliance. Another critical provision is encryption of data at rest as well as data in transit. The audit controls standard then requires hardware, software or procedural mechanisms that record and examine activity in systems that contain or use PHI.
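The following is an added illustration, not code from the original essay: a small model of three of the technical safeguards just described (unique user IDs, minimum-necessary access by role, automatic logoff after idle time, and an audit trail of every PHI access). The role-to-field mapping, the 10-minute timeout, the user names and the patient record are all constructed assumptions; encryption of data at rest and in transit is out of scope for this snippet.

```python
"""Added example (not from the original essay): a minimal model of HIPAA
technical safeguards. Roles, fields, timeout and sample data are assumptions."""
import time
from dataclasses import dataclass


class ManualClock:
    """Controllable clock so the idle-timeout path can be exercised offline."""
    def __init__(self, start=0.0):
        self.now = start

    def advance(self, seconds):
        self.now += seconds

    def __call__(self):
        return self.now


# Constructed sample PHI record (fictional patient, not real data).
RECORDS = {
    "MRN-0001": {
        "name": "Jane Example",
        "dob": "1980-01-01",
        "diagnosis": "hypertension",
        "insurance_id": "INS-123",
        "balance_due": 120.00,
    }
}

# Minimum-necessary policy (assumed): each role sees only the fields its job needs.
ROLE_FIELDS = {
    "physician": {"name", "dob", "diagnosis"},
    "billing": {"name", "insurance_id", "balance_due"},
    "front_desk": {"name"},
}

IDLE_TIMEOUT_SECONDS = 600  # assumed policy: automatic logoff after 10 idle minutes


@dataclass
class Session:
    user_id: str          # unique user ID ties every action to one person
    role: str
    last_activity: float
    active: bool = True


class PhiSystem:
    def __init__(self, clock=time.time):
        self.clock = clock
        self.sessions = {}
        self.audit = []   # audit control: one entry per PHI-related action

    def _log(self, user_id, action, mrn, outcome, fields=()):
        self.audit.append({"time": self.clock(), "user_id": user_id,
                           "action": action, "mrn": mrn,
                           "outcome": outcome, "fields": sorted(fields)})

    def login(self, user_id, role):
        if role not in ROLE_FIELDS:
            self._log(user_id, "login", None, "denied:unknown_role")
            raise PermissionError(f"unknown role {role!r}")
        self.sessions[user_id] = Session(user_id, role, self.clock())
        self._log(user_id, "login", None, "ok")

    def _live_session(self, user_id):
        """Return the session if it is active and not idle too long; else log off."""
        session = self.sessions.get(user_id)
        if session is None or not session.active:
            return None
        if self.clock() - session.last_activity > IDLE_TIMEOUT_SECONDS:
            session.active = False
            self._log(user_id, "auto_logoff", None, "ok")
            return None
        session.last_activity = self.clock()
        return session

    def view_record(self, user_id, mrn):
        session = self._live_session(user_id)
        if session is None:
            self._log(user_id, "view", mrn, "denied:no_active_session")
            raise PermissionError("no active session; log in again")
        record = RECORDS.get(mrn)
        if record is None:
            self._log(user_id, "view", mrn, "denied:not_found")
            raise KeyError(mrn)
        # Filter the record down to the role's minimum-necessary fields.
        view = {k: v for k, v in record.items() if k in ROLE_FIELDS[session.role]}
        self._log(user_id, "view", mrn, "ok", view.keys())
        return view


def demo():
    """Physician and billing views, then an idle timeout forcing auto-logoff."""
    clock = ManualClock(1000.0)
    system = PhiSystem(clock=clock)
    system.login("dr_smith", "physician")
    system.login("b_jones", "billing")
    physician_view = system.view_record("dr_smith", "MRN-0001")
    billing_view = system.view_record("b_jones", "MRN-0001")
    clock.advance(IDLE_TIMEOUT_SECONDS + 1)
    try:
        system.view_record("dr_smith", "MRN-0001")
        timed_out = False
    except PermissionError:
        timed_out = True
    return physician_view, billing_view, timed_out, system.audit


if __name__ == "__main__":
    for entry in demo()[3]:
        print(entry)
```

Running the script prints the audit trail: two logins, one successful view per role showing only that role's fields, the automatic logoff once the physician's session exceeds the idle limit, and the denied attempt that followed. The denial is logged as well, because examining failed access is as much a part of the audit-controls standard as recording successful access.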
Administrative safeguards require the organization to develop policies and procedures to prevent, detect and contain security violations in its information systems. Once these policies and procedures have been adopted, the organization is responsible for applying sanctions to staff who fail to comply. Training is required for all staff, and a designated party should be named whom staff must notify as soon as a security breach is discovered.
Failure to comply may result not only in regulatory action such as fines, but also in direct business loss from lawsuits, damage to reputation and the loss of the public's trust. Organizations that handle personal health information are expected to comply with HIPAA regulations or face stiff penalties. Civil fines have ranged from $100 per violation up to $25,000 for general violations, and for willful violations the fines can reach $1.5 million. If that isn't sobering enough, criminal violations can also carry serious jail time. It is therefore in everyone's interest that HIPAA be followed, for the safety of our patients and of our careers. It is our role and responsibility to be the safe keepers of our patients' private information.