With the online holiday shopping season underway, healthcare information security best practices need to be enforced, because the workforce handling patient data is actively shopping online as well. When making a purchase requiring account information, including credit cards or personal identification, users should be confident their computer is acceptable for banking account access. Basic minimum precautions include a firewall, anti-virus software, and a review of installed programs, with any discrepancies remedied before further use.
A computing device designated to handle sensitive patient information should not be used to download questionable software (i.e., “exe” files) or perform high-risk activities, including the use of certain websites and “plugins.” Visitors, including friends and relatives who may use the computer, should not be granted admin access. The admin profile can set up a limited/guest account to prevent other users from accessing unauthorized information or inadvertently installing malware. It is advised to use a separate computer for at-risk activities; for instance, certain online games can provide an opportunity for players to “inject code,” including viruses, into other players’ command consoles, and malicious software can also be disguised as a discount/savings “toolbar.”
Shopping online from a healthcare-compliant computer or mobile device, whether personally owned or company-issued, would be considered among the more secure methods; however, users must make sure such activity is permitted under their organization’s information security policy. A company information security policy document should specify which activities are acceptable on a computer or mobile device designated for company purposes, and stipulations will vary between companies. Employees should be aware that provisions in their employment contract may allow the company to install and operate centralized management software on any home computer or personal device used for handling Protected Health Information (PHI). Centralized management software can ensure that firewalls and anti-malware software are properly configured and that operating system updates/patches are applied promptly, and the software may be able to monitor activity. If unclear on the details, employees are advised to use a separate device for non-work purposes.
Useful links for healthcare staff who want to learn more about patient data security best practices are provided for your further reading: