.png?width=261&name=2021_newest_logo_cola-footer%20(1).png){kind=logo}
An excellent article recently appeared in G2 Compliance Advisor, published by Plain language Media, concerning policies needed to prevent laboratory employee Personal Health Information (PHI) breeches. The article makes the valid point that many PHI issues can be traced to an employee action. Frequently the release of information is inadvertent and can be attributed to inadequate PHI protection policies being in place and communicated to employees concerning the need to protect the personal health information of each patient.
Included among the areas discussed were:
1) Computer use policy must be instituted and define acceptable use of fixed and laptop computers and mobile devices. Likewise, there need to be policies and safeguards in place to keep secure any emails and their attachments.
2) Policies are essential addressing social media and blogging. Many institutions lock out certain social media sites to avoid inadvertent disclosure of information. In addition, employees should be banned from speaking on behalf on the laboratory unless they have received appropriate permission.
3) The “clean desk policy” is an important area for attention, particularly in smaller facilities. Patients coming to a front desk to register or for any other reason must not be able to observe any PHI either in paper reports present on the desk or on open computer screens. Hardcopy documents must be secured after use and computers must be logged off when not in use so unauthorized individuals cannot gain access to them.
4) It is important that a “Bring Your Own Device” policy be developed and in place. It is important to define if an employee owned device can be used for work-related issues and, if allowed, for which activities they can be used. I will discuss more on this topic in a later posting.
I found this as an informative and thought provoking article on protection of patient personal health information. Unfortunately, all too frequently, we learn of breaches in which there has been an unintended release of patient protected health information. Best to be safe, have procedures, enforce them and in the end not have significant problems.
