In case of an emergency, Electronic Protected Health Information (EPHI) should be accessible to the appropriate and authorized workforce members. This information is critical and should be handled with care. Departments should put in place procedures through which this information is easily accessible in times of an emergency. If this access is denied, the patient may face fatal repercussions.
Any EPHI that does not concern the patient at risk does not fall under this requirement, and access to it should be denied. Only files relating to the patient may be provided to the workforce member.
Unique User Identification and Password
Every person who accesses any network system that stores EPHI should have a unique user ID. This will help to restrict the sharing of credentials with employees who should not have any access. Whenever this user wants to access this information, they should provide the user identification information that they had used before.
A secure password should also be used to maximize the security of the information. The password should meet the required specifications. The following are some minimum requirements it should meet: passwords should have a minimum of eight characters in length; passwords should not be words found in a dictionary; passwords should not contain personal information such as one's name or birthday. Users should not allow another user to gain access with their credentials.
Users who have access to the EPHI should ensure that they do not write their personal information anywhere, since this would be exposing it openly. Passwords should also be changed regularly to maintain high levels of security. Each user should ensure that their access information is only used to access the information legitimately. Any unauthorised access will be treated as intentional. If a user believes his or her user ID has been compromised, he or she should report the incident to the manager, who will then communicate the problem to the HIPAA Officer.
Encryption and Decryption
If a patient thinks his or her data is too sensitive, it should be encrypted with a key that only select individuals have access to. This protects the data even when passwords have been compromised. A perpetrator who accesses the storage facility will find the data in an inaccessible form. Encryption will also be essential when data needs to be sent from one database to another.
Remote Access
Authentication through user IDs and decryption mechanisms is necessary for all access to all networks containing EPHI. Such access mechanisms include VPN clients and authenticated SSL web sessions. Various measures to control remote access to EPHI are put in place. These include restrictions on remote control software and applications. Remote access computers must also have a virus detection and protection mechanism in place. All encryption mechanisms should support a minimum of 128-bit encryption. They are, however, not limited to this number and may use higher and more secure mechanisms. Any user who requests remote access to EPHI must have the approval of the Security Officer to ensure his or her workstation meets the requirements for virus detection and prevention. Formal documentation should also be put in place to maintain the continued security of these workstations.
Wireless Access
Wireless access to networks that contain EPHI must have security measures in place, among them adequate encryption and MAC-based user ID authentication. Insecure wireless access points must be prohibited, and all encryption systems must have at least 128-bit encryption. In addition, any user who wishes to access the EPHI wirelessly should ensure that the workstation he or she is using remains secure and does not put the system at any risk. Officers must provide wireless documentation showing that these systems are secure enough to access the database.
Violations
Any individual who is found to have violated this policy will be subject to disciplinary action and face the risk of losing their job.