
Internal security threats


Q: I recently caught a staff member who isn't authorized to view protected information looking up the electronic medical record of a patient whom she knows socially. Was this a violation of the security rule?

A: Yes. If you transmit or store protected data electronically, you must take steps to guard against internal threats to electronic patient information. Fortunately, many internal security threats can be dealt with effectively simply by having the proper policies and procedures in place, including passwords that restrict unauthorized computer access.

The security rule also requires that you take appropriate actions to guard against external threats, such as a hacker intercepting a confidential e-mail you've recently sent to a patient. These actions may be more difficult, because you must consider whether the implementation of certain technical measures, such as the use of encryption to secure e-mails or e-mail attachments, is called for.
