Listen, protecting PHI is not rocket surgery.
Complying with HIPAA is really not that complex.
BUT you need to have a system in place.
Recently in South Carolina, there was another data breach.
This has all the makings of “what were you thinking?”
“…a computer was stolen from an employee’s car the previous night…”
This computer was password protected, but NOT encrypted.
What do I mean by having a system in place?
- Computer policies that spell out requirements for PHI on portable devices
- Encrypt every portable device completely, not just a folder
- Train every employee on the above two items.