Private Eye For Healthcare

Our privacy filter in use in medical environments

The new HIPAA Omnibus Rule went into effect on March 26, 2013. Covered entities and business associates have 180 days from the effective date to be compliant with its provisions.

Locking up patient files and securing EHR software with passwords are great starts to complying with federal privacy legislation, but do you lock the privacy filter onto your hospital’s computer monitors so they can’t be removed by your staff? Privacy filters help you safeguard electronic Protected Health Information (ePHI), but only when they remain on the monitor.

The need for visual privacy, the protection of sensitive data while it is displayed on a screen, has increased with the enactment of the HITECH Act. When ePHI is displayed on a computer screen, it is at risk of exposure to passersby. Visual privacy controls, such as privacy filters, are a vital but under-addressed part of data security. By severely restricting the angle at which data on a computer screen can be seen, they dramatically reduce or eliminate potential exposure and so greatly lower the risk of a data disclosure.

Privacy Laws Impacting Healthcare


The Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule became effective April 1, 2003, requiring healthcare providers, their business associates (lawyers, accountants, etc.), and other custodians to keep Protected Health Information (PHI) safe. PHI is all “individually identifiable” health information in any form or media, whether electronic, written, or oral. This information includes common identifiers (name, address, date of birth, SSN, etc.) as well as demographic data that relates to:

  • The individual’s past, present, or future physical or mental health or condition
  • The provision of health care to the individual
  • The past, present, or future payment for the provision of health care to the individual

The Health Information Technology for Economic and Clinical Health (HITECH) Act, enacted in 2009, established the meaningful use of Electronic Health Records (EHR) and includes provisions to increase the use of information technology to store, capture, transmit, appropriately share, and consume health information. The HIPAA Final Rule on Security Standards, issued on February 20, 2003, deals specifically with Electronic Protected Health Information (ePHI) and lays out three security safeguards required for compliance:

1. Administrative - policies and procedures designed to show how the entity will comply with the HITECH Act
2. Physical - controlling physical access to protected data in order to protect against inappropriate access
3. Technical - controlling access to computer systems, and protecting electronically transmitted communications containing PHI from being intercepted by anyone other than the intended recipient

References
HIPAA Privacy Rule - http://www.hhs.gov/ocr/privacy/hipaa/administrative/privacyrule/index.html
HITECH Act - http://www.hhs.gov/ocr/privacy/hipaa/administrative/enforcementrule/hitechenforcementifr.html
HIPAA Omnibus Rule Summary - http://www.hipaasurvivalguide.com/hipaa-omnibus-rule.php
Omnibus Rule Tiered Penalty Structure - http://www.mcguirewoods.com/Client-Resources/Alerts/2013/2/HIPAA-Omnibus-Final-Rule-Implements-Tiered-Penalty-Structure-HIPAA-Violations.aspx