in HIPAA Headlines by John Brewer

Part of a self assessment and policy is understanding what makes sense.

This NPR article notes some instances of poor risk management.

Any business in the medical industry needs to fully understand the risk in loading a laptop (or other mobile device) with PHI.

Quite frankly, I can’t come up with a single reason a medical practice would need to remove any PHI from an office on a laptop or hard drive (short of an office move).  If you are having an employee take an external hard drive home as part of your off site backup, you have a serious problem.

The thought process for removing PHI from an office should be addressed in your company computer policy.

Any medical business that regularly removed PHI from the office on electronic media must ensure that data is encrypted, so if it is lost or stolen, none of it can be accessed.

About John Brewer

This author hasn't yet written their biography.
Still we are proud John Brewer contributed 177 great entries.

0 thoughts on “Risk Management in Your Practice

Want to join the discussion?
Feel free to contribute!

Leave a Reply

Your email address will not be published. Required fields are marked *