I am not sure why I continue to attend free webinars about data breaches. They mostly serve to make me extremely anxious for our customers. . . especially for those who have not created a data security plan or have thought minimally about their responsibilities for protecting the privacy of their patients’ Protected Health Information (PHI).
You all certainly know about the requirements that HIPAA and the HITECH portion of ARRA placed upon healthcare providers. You must protect the privacy and security of PHI. You must have assessed the risks to the security of your data and have a plan in place for mitigating any potential consequences of a security breach.
The problem is that new potential complications arise all the time. This morning’s webinar was about social media and the potential security risks added by use of those media. It was presented by ID Experts, a company that specializes in an online tool that guides you through handling a data breach when it occurs. They believe that one must assume that such breaches will occur. . . and be ready to react at a moment’s notice.
Do you have a social media policy at work? Are you allowed to use Facebook or Twitter from your work computer? What about from your smartphone paid for by your employer? Are you allowed to access your personal email account from the same computer on which PHI are stored? Today’s presenters talked about all the potential downfalls of such capabilities, since most social media sites are not encrypted and have only marginal security protections.
I left the webinar feeling anxious for our customers who do not pay attention to these matters. What will they do when they have a data breach? What will you do?
Please share your comments…