It is very easy to become negligent when you are rushing from one appointment to another, but it is your responsibility to keep all your clients’ information protected. Taking a few extra minutes whenever you access your clients’ protected health information and personally identifiable information (PHI/PII) can save you from an expensive compliance violation fine and possibly save your business. Here are 5 tips to help you better protect your clients’ PHI.
- Create strong passwords on ALL devices. Make it as hard as possible for an attacker to break into your accounts. A strong password is long first and varied second: use at least 12 characters drawn from upper- and lower-case letters, numbers and special characters, never reuse a password across accounts, and keep them in a password manager rather than on paper or in a notes app. We recommend updating your passwords on ALL devices every 90 days; note that current NIST guidance (SP 800-63B) no longer calls for forced periodic changes, but it does require changing a password immediately whenever you suspect it has been exposed, and turning on multi-factor authentication wherever an account offers it adds a second barrier that a guessed password alone cannot pass. The figures below are rough estimates for an offline brute-force attack on a password made of lowercase letters, numbers and special characters; the exact time depends on how the password is stored (hashed) and on the attacker’s hardware, but the trend is the point: every added character multiplies the attacker’s work by the size of the character set.
  - 8 characters: about 19 minutes to brute-force.
  - 10 characters: up to 1 month.
  - 12 characters: about 200 years.
- Encrypt ALL devices. Is every device on which you access client information (computer, phone or tablet) encrypted? If you download or access your clients’ personal information on a device, that device needs full-disk encryption turned on (FileVault on macOS, BitLocker on Windows, and the built-in storage encryption on current iPhones and Android phones). This matters because of how HIPAA treats a lost or stolen device: if the device is NOT encrypted, the loss is presumed to be a breach of unsecured PHI and you are REQUIRED to report it to HHS (and notify the affected individuals); if the device was encrypted in line with HHS guidance, the data is not considered unsecured PHI and that reporting obligation does not arise.
- Two locks/Two passwords. Every file that contains a client’s personal information must sit behind TWO locks or TWO passwords. Examples: paper files in a LOCKED filing cabinet inside a LOCKED office, or electronic files behind a password-protected computer login plus a separately password-protected database or application.
- Create a shred policy. Don’t throw your clients’ information in the trash; shred it! Your policy should meet the Department of Defense standard; note that the DoD standard usually cited here (DoD 5220.22-M) is an overwrite method for erasing digital media, so apply it (or the current NIST SP 800-88 media sanitization guidance) when you wipe or dispose of a computer, drive or phone, and use a cross-cut shredder for paper. Overwriting is unreliable on SSDs and phones, which is one more reason to keep those devices encrypted from day one: a factory reset of an encrypted device discards the key and leaves the data unreadable. Don’t forget that all files regarding clients must be saved for 10 years, so your policy needs a retention schedule as well as a destruction step!
- Have clients sign PHI forms. A PHI form (a HIPAA authorization) records whom the client permits you to share protected health information with, and to what extent it may be shared. It is also where the client approves the telephone numbers on which you may leave voicemails, and where you must obtain the client’s permission before marketing new products to them.
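To make the crack-time trend under tip 1 concrete, here is an added example written for this page (not code from Hovis & Associates) that computes the number of possible passwords for a given length and character set, the worst-case time to try all of them at an assumed guess rate, and a password of any chosen length from a cryptographically secure random source. The two guess rates, the 32-character special set taken from Python’s `string.punctuation`, and the lengths tried are assumptions, so the times it prints illustrate the relationship rather than reproduce the figures above; it also goes beyond the three data points in the list by accepting any length, character set and guess rate.

```python
# Added example for this page (not Hovis & Associates' code): how password
# length and character set drive offline brute-force time, plus a generator
# for a strong password. Guess rates below are assumptions, not measurements.
import math
import secrets
import string

LOWER = string.ascii_lowercase    # 26 characters
UPPER = string.ascii_uppercase    # 26 characters
DIGITS = string.digits            # 10 characters
SPECIAL = string.punctuation      # 32 characters; assumed to be the "special characters"

# Assumed guess rates for one attacker rig working offline against stolen hashes.
# A fast unsalted hash falls orders of magnitude faster than a deliberately slow
# one; the exact figures vary with hardware and are illustrative only.
GUESS_RATES = {
    "fast hash (assumed 1e11 guesses/s)": 1e11,
    "slow hash (assumed 1e4 guesses/s)": 1e4,
}

SECONDS_PER_YEAR = 365.25 * 24 * 3600


def keyspace(length: int, alphabet: str) -> int:
    """Number of distinct passwords of exactly `length` characters drawn from `alphabet`."""
    return len(set(alphabet)) ** length


def entropy_bits(length: int, alphabet: str) -> float:
    """Entropy of a uniformly random password: length * log2(alphabet size)."""
    return length * math.log2(len(set(alphabet)))


def seconds_to_exhaust(length: int, alphabet: str, guesses_per_second: float) -> float:
    """Worst-case time to try every password in the keyspace at the given rate."""
    return keyspace(length, alphabet) / guesses_per_second


def humanize(seconds: float) -> str:
    """Render a duration in the largest unit that fits, e.g. '1.5 minutes'."""
    units = [("years", SECONDS_PER_YEAR), ("days", 86400.0),
             ("hours", 3600.0), ("minutes", 60.0)]
    for name, size in units:
        if seconds >= size:
            return f"{seconds / size:,.1f} {name}"
    return f"{seconds:,.1f} seconds"


def generate_password(length: int = 16) -> str:
    """Uniformly random password from the OS CSPRNG, containing every character class."""
    classes = (LOWER, UPPER, DIGITS, SPECIAL)
    if length < len(classes):
        raise ValueError("length must allow one character from each class")
    alphabet = "".join(classes)
    # Rejection sampling: redraw until every class appears, so the result stays
    # uniform over the accepted passwords instead of biasing fixed positions.
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if all(any(ch in cls for ch in candidate) for cls in classes):
            return candidate


def crack_time_table(lengths, alphabet):
    """Map each length to {rate label: humanized worst-case time} for that alphabet."""
    return {
        n: {label: humanize(seconds_to_exhaust(n, alphabet, rate))
            for label, rate in GUESS_RATES.items()}
        for n in lengths
    }


if __name__ == "__main__":
    mixed = LOWER + DIGITS + SPECIAL   # the character mix used in the figures above
    for n, row in crack_time_table((8, 10, 12, 16), mixed).items():
        print(f"{n:2d} chars, {entropy_bits(n, mixed):5.1f} bits:")
        for label, when in row.items():
            print(f"    {label}: {when}")
    print("example 16-character password:", generate_password(16))
```

Run it as-is to print the table; the jump from 8 to 12 characters is a factor of 68⁴ (about 21 million) regardless of which guess rate you assume, which is why length, not rotation, is what moves the needle.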
Building a routine during and after your client meetings helps keep you from being hacked and your clients’ information from being compromised. A system that protects client information safeguards not only the client but you and your business as well! HHS’s Notification of Enforcement Discretion Regarding HIPAA Civil Money Penalties explains how the penalty tiers and their annual caps are applied, and will help you understand the laws and the scope of the penalties.
Here at Hovis & Associates, We Make the Complicated SIMPLE! Every year we hold an Annual Compliance Meeting to keep you up to date on all the new HIPAA interpretations, rules and regulations. We also cover cybersecurity issues to reduce the probability of breaches. If questions or concerns arise, our compliance team is ready to help! Ready to make the move to an upline that is looking out for you? Contact us today at 888-613-6196 to get started! We look forward to working with you!