Locking up patient files and securing EHR software with passwords are great starts to complying with federal privacy legislation, but do you lock the privacy filter onto your hospital’s computer monitors so they can’t be removed by your staff? Privacy filters help you safeguard electronic Protected Health Information (ePHI), but only when they remain on the monitor.
The need for visual privacy, the protection of sensitive data while it is displayed on a screen, has increased with the enactment of the HITECH Act. When ePHI is displayed on a computer screen, it is at risk of exposure to passersby. Visual privacy controls, such as privacy filters, are a vital but under-addressed part of data security. By severely restricting the angle at which data can be seen on a computer screen, they can dramatically reduce or eliminate potential exposure.

Privacy Laws Impacting Healthcare:
The Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule became effective April 1, 2003, requiring healthcare providers, their business associates (lawyers, accountants, etc.), and other custodians to keep Protected Health Information (PHI) safe. PHI is all “individually identifiable” health information in any form or media, whether electronic, written, or oral. This information includes common identifiers (name, address, date of birth, SSN, etc.) as well as demographic data that relates to:
The Health Information Technology for Economic and Clinical Health (HITECH) Act, enacted in 2009, set meaningful use of Electronic Health Records (EHR) and includes provisions to increase the use of information technology to store, capture, transmit, appropriately share, and consume health information. The HIPAA Final Rule on Security Standards, issued on February 20, 2003, deals specifically with Electronic Protected Health Information (ePHI), and lays out three security safeguards required for compliance:
References
HIPAA Privacy Rule - http://www.hhs.gov/ocr/privacy/hipaa/administrative/privacyrule/index.html
HITECH Act - http://www.hhs.gov/ocr/privacy/hipaa/administrative/enforcementrule/hitechenforcementifr.html
HIPAA Omnibus Rule Summary - http://www.hipaasurvivalguide.com/hipaa-omnibus-rule.php
Omnibus Rule Tiered Penalty Structure - http://www.mcguirewoods.com/Client-Resources/Alerts/2013/2/HIPAA-Omnibus-Final-Rule-Implements-Tiered-Penalty-Structure-HIPAA-Violations.aspx