The Rheumatologist

HIPAA and PHI Cybersecurity Best Practices in the COVID-19 Era

September 14, 2021 • By Steven M. Harris, Esq.

When the first SARS-CoV-2 case was recorded, it was difficult to appreciate the extent to which cybersecurity concerns, particularly in connection to the protection of patient healthcare data, would enter into mainstream consciousness. Although many practices and healthcare organizations have recently adopted additional measures to safeguard patients’ protected health information (PHI) through expanded cybersecurity monitoring, remote working conditions and the use of electronic communications pose a security risk and can create access points for cyber criminals that could result in a breach.

Further, with more employees than ever working remotely, it is critical to ensure that physical spaces (e.g., offices, warehouses, and other sites and facilities) be properly secured to prevent unauthorized access, use or disclosure of PHI or other sensitive information.

To protect against these heightened risks, implementing HIPAA and PHI cybersecurity best practices related to technical and physical security is critical.

1) Adequate Technical Infrastructure, Updated Corporate Policies & Procedures

Federal law provides a technical safeguard framework for covered entities and business associates to implement in connection with access to PHI. Relevant guidance includes the following key elements of significant importance in the COVID-19 era:

  • Access control. Implement technical policies and procedures for electronic information systems that maintain electronic PHI to allow access only to those persons or software programs that have been granted access rights as specified in §164.308(a)(4).
  • Unique user identification (required). Assign a unique name and/or number for identifying and tracking user identity.
  • Emergency access procedure (required). Establish (and implement as needed) procedures for obtaining necessary electronic protected health information during an emergency.
  • Automatic logoff (addressable). Implement electronic procedures that terminate an electronic session after a predetermined time of inactivity.
  • Encryption and decryption (addressable). Implement a mechanism to encrypt and decrypt electronic protected health information.

Organizations have flexibility, particularly with the “addressable” requirements, in how they implement these security protocols. These addressable concerns are particularly important in the COVID-19 era given the rise in the use of telehealth.

With patient screenings being conducted through the use of online portals and virtual meeting rooms, patient data are being both stored and disseminated through online network channels, email and other telecommunications modes. As a result, access control, encryption and automatic logoff are particularly important.

Although these considerations have always been significant, these safeguard elements are connected to scenarios that were less frequently contemplated prior to the rise of telehealth. Consider the following:

Filed Under: Legal. Tagged With: HIPAA, protected health information. Issue: September 2021

Copyright © 2006–2023 American College of Rheumatology. All rights reserved.

ISSN 1931-3268 (print)
ISSN 1931-3209 (online)