HIPAA compliance: Physical security is as important as cyber security

Recently, a Texas-based cancer treatment center was penalized with a $4.3 million fine for three breaches linked to unencrypted devices.[1]
The breach resulted from three incidents in 2012 and 2013, when an employee's laptop was stolen at a residence and two unencrypted pen drives went missing, causing the possible compromise of 35,000 health records.
Physical security of electronic protected health information (ePHI) is often overlooked while focusing on cybersecurity safeguards to maintain HIPAA compliance. The HIPAA Security Rule requires healthcare entities to implement physical safeguards around any devices that have access to ePHI, such as portable devices like laptops, smartphones and tablets.
The OCR's latest cybersecurity newsletter gives seven questions for organizations to ask themselves about their physical security, listed below:

  • Is there a current inventory of all electronic devices, such as computers, portable devices, and electronic media, including the location of the devices?
  • Are any devices located in public areas or other areas that are more vulnerable to theft, unauthorized use, or unauthorized viewing?
  • Should devices currently in public or vulnerable areas be relocated?
  • What physical security controls are currently in use for such devices (cable locks, privacy screens, secured rooms, cameras, guards, alarm systems), and are they easy to use?
  • What additional physical security controls could be put into place?
  • Are policies in place and employees properly trained regarding physical security, for example, the use of cable locks and privacy screens?
  • Are there signs posted reminding personnel and visitors about physical security policies and monitoring?

Healthcare entities need to undertake compliance efforts with HIPAA's Security Rule, and healthcare officials need to follow tested procedures before instating extra ePHI physical safety efforts.
HIPAA compliance can be a long and complex process that is crucial to the successful operation of any business in the healthcare field. While such standards are meant to serve the privacy interests of constituents, they increasingly require manpower that is hard to find in this challenging environment. Telegenisys helps its clients meet such requirements by providing HIPAA certified staff in a zero-defects outsourced environment.


[1] https://www.campussafetymagazine.com/hospital/md-anderson-cancer-center-data-breaches/?platform=hootsuite
