Evaluate PHI Policies and Procedures with Frequent Risk Assessments

Health and Human Services’ notorious Wall of Shame, listing the names of organizations with HIPAA breaches, is the last place your agency wants to see its name publicized. A majority of offenders fell victim to theft of devices that held sensitive client files containing PHI (Protected Health Information).

In fact, 32% of breaches on the Wall of Shame affecting 500 or more individuals were the result of a lost or stolen laptop or other portable electronic device.

Increased mobile device use has added risk and placed more responsibility on your agency to ensure all PHI is secure. Agencies have adopted BYOD (Bring Your Own Device) policies that let employees conduct business on their own smartphones or laptops. But you can’t stop there.

HIPAA advises insurance agencies to perform HIPAA risk assessments after every security incident, change in staff, or new technology implementation. In terms of mobile devices, a HIPAA risk assessment would identify which employees are using personal devices for work-related tasks, confirm whether they have signed BYOD agreements, and determine whether the security software and encryption standards required by HIPAA are in place on those devices.

If an employee is accessing client PHI on an unauthorized device, the employer is still held responsible in the event the device is lost or stolen and can be punished severely for the employee’s negligence.

Do you have the proper safeguards and agreements in place for employees who access PHI on their mobile devices?

GRA Benefit Group’s PHI365 HIPAA Compliance service offers risk assessment software that analyzes your agency’s mobile policies and determines the risk level at which your agency operates.

In addition, GRA’s PHI365 HIPAA consulting services will:

  1. Provide HIPAA documentation based on your agency’s needs
  2. Provide ongoing risk analysis every three years or at your request
  3. Provide annual HIPAA employee training
  4. Provide phone and email access to our PHI365 HIPAA team

Contact us to learn more about GRA’s PHI365 HIPAA Compliance service at 517-351-4908 or [email protected].