HIPAA Employer Home

HIPAA EMPLOYER - ABOUT HIPAA SECURITY
  HIPAA for Employers & Brokers

QUICK HIPAA REFERENCE LINKS

 
   
 

Do you communicate with your broker electronically (email, e-fax, etc)?

If there is any specific employee information in those communications, there's a high probability that the information contains Protected Health Information (known as ePHI for "electronic" PHI). This is the very source of information that the HIPAA Security rule is destined to protect and probably one of the most common activities that employers engage in with regard to ePHI. If this information isn't protected during transit, it's most likely that you are violating one of the provisions of the Security Rule.

Do you store PHI on your computer desktop/laptop/network server?

Think about the spreadsheets, databases, emails you have on your local system or on your company server. Do they contain PHI? The definition of PHI can be as simple as connecting a person to the fact that they are enrolled in a group health plan. You don't have to have specific details about a medical condition (although this would immediately increase the sensitivity of that information!)

It's very common for employers to have spreadsheets of employee information as they prepare for open enrollment. Many times - these spreadsheets get emailed to their insurance carriers and/or their brokers -- in unencrypted form. Even outside of HIPAA, in the days of exploding identity theft, if the information in these documents fall into the wrong hands, the potential damage to individuals could be tremendous. Preparing for HIPAA has the added benefit of protecting your employees from potential identity theft in addition to complying with HIPAA.


Is all ePHI backed up regularly?

A: Whether it's on your local machine or a network server, the Security Rule requires that this information be protected from disasters. The most basic disaster recovery plan involves backing up critical data and storing it in a safe place - which usually means offsite somewhere. Think of ePHI as sensitive as any other confidential information needed to run your business -- give it the same protections and you'll be in good shape. If you don't do this already - maybe now is the time to get started!

<Previous     Page 3 of 4     Next>

 

  
 
Excerpts from our manual - HIPAA for the Employer
  
     
© HIPAA Solutions RX | About HIPAA | Our Products | Brokers | About Us | Site Map