4 Ways to Protect Personal Health Information

  • Home
  • 4 Ways to Protect Personal Health Information

 

An excellent article recently appeared in G2 Compliance Advisor, published by Plain language Media, concerning policies needed to prevent laboratory employee Personal Health Information (PHI) breeches.   The article makes the valid point that many PHI issues can be traced to an employee action.  Frequently the release of information is inadvertent and can be attributed to inadequate PHI protection policies being in place and communicated to employees concerning the need to protect the personal health information of each patient. 

Included among the areas discussed were:



1) Computer use policy must be instituted

Computer use policy must be instituted and define acceptable use of fixed and laptop computers and mobile devices. Likewise, there need to be policies and safeguards in place to keep secure any emails and their attachments.

2) Policies are essential addressing social media and blogging

Many institutions lock out certain social media sites to avoid inadvertent disclosure of information. In addition, employees should be banned from speaking on behalf on the laboratory unless they have received appropriate permission. 

3) The “clean desk policy” is an important area for attention, particularly in smaller facilities

Patients coming to a front desk to register or for any other reason must not be able to observe any PHI either in paper reports present on the desk or on open computer screens. Hardcopy documents must be secured after use and computers must be logged off when not in use so unauthorized individuals cannot gain access to them.

4) It is important that a “Bring Your Own Device” policy be developed and in place 

It is important to define if an employee owned device can be used for work-related issues and, if allowed, for which activities they can be used. I will discuss more on this topic in a later posting. 

I found this as an informative and thought provoking article on protection of patient personal health information.  Unfortunately, all too frequently, we learn of breaches in which there has been an unintended release of patient protected health information.  Best to be safe, have procedures, enforce them and in the end not have significant problems.

 

Also, don't forget to stay connected and join our Quality Lab Group on LinkedIn!
 
 

News, clinical laboratory

Related posts

About the author

Dr. John Daly



John T. Daly, M.D. received his MD degree at Weill Cornell University Medical College, performed his internship and residency in Anatomic and Clinical pathology at Duke University Medical Center and a residency in Forensic Pathology at the Office of the Chief Medical Examiner in Chapel Hill, N.C. He is board certified in anatomic, clinical and forensic pathology. Through the course of his career, Dr. Daly has had extensive experience directing and advising laboratories of all sizes including physician office practices, Federal Health Clinics, surgical centers, Community Hospitals and the integrated academic health system clinical laboratories of Duke Medicine. He retired as Director of Laboratories of Duke Medicine, and continues his affiliation as a member of the emeritus staff.

Advertisement
Advertisement

 
Search Blog: