The New-Internet-Security-Sponsors Share 5 Ways to Make Sure Your Health Information is Secure
One of our New-Internet-Security-Sponsors provides the following insight into what we can do as consumers to help keep our Private Health Information (PHI) secure.
The laws of the Health Insurance Portability and Accountability Act, or HIPAA, are a set of rules imposed by the Department of Health and Human Services in 1996 that are designed to protect your private health information, or PHI. There are two sets of rules in HIPAA: the Privacy Rule, which outlines the rights that the consumer has regarding the disclosure of their PHI, and the Security Rule, which regulates the way Health Care Providers handle your information. Although there isn’t much you can do on your health care provider’s end to make sure that they are operating in accordance with HIPAA, there are some things you can do from a consumer’s standpoint to make sure that you aren’t needlessly putting your information at risk.
Become a New-Internet-Security-Sponsors...
1. Make sure you’ve read the Privacy Notice
The first and foremost thing that you must do is read the Privacy Notice that your health care provider asks you to sign upon your first interaction (if you never read it the first time, you can request a new one from your health care provider). Knowing what they can and can’t do with your information is invaluable if you value the security of your information.
2. Make sure your provider isn’t taking shortcuts
It may be hard to get a straight answer about this from your doctor, but many health care providers take shortcuts that aren’t necessarily illegal, but are definitely not in accordance with the spirit of the law. For example, a surprising number of providers will use your social security number as your member ID since it’s one of the first numbers that they enter on your file, saving them the hassle of assigning individual member IDs. While this is not illegal, it is extremely sketchy since all a hacker needs to do is get a list of member IDs to get instant access to thousands of SSNs.
3. Make sure your provider’s associates are protecting your PHI
Any organizations that handle your information (lawyers, software companies, and even satellite internet providers, etc.), or “business associates,” as HIPAA refers to them, must sign an agreement stating that they will act in accordance with the laws of HIPAA. This is standard operating procedure and 99% of the time your health care provider will have these contracts in place, but you never know. If a business associate ends up selling your information for marketing purposes and there is no agreement in place, the fault lies with your health care provider.
4. Watch where you’re talking
HIPAA mandates that health care providers cannot discuss PHI within earshot of anyone (a doctor simply saying that he just checked your temperature in a hallway could be considered a HIPAA violation). If you’re in a situation where you must talk to your doctor in public (for example, having a consultation for a new medication at your pharmacy), always practice good habits like speaking softly and being mindful of people nearby standing in line who might have an ear open.
5. Make sure they’re disposing of your PHI properly
Your provider is required to destroy any of your information that they might discard. Most places usually use a shredder and “special” locked trashcans that are disposed of by “special” trash men. This, like all HIPAA rules, is costly and a pain for the staff to deal with, which unfortunately raises the chance that your provider may be putting your information at risk.
While there’s only so much you can do from your end to ensure that your information is being handled properly, it never hurts to at least be aware of what your provider can and can’t do with your PHI. If you feel that your provider is mishandling your information, you can always inquire, or if you really mean business, you can always file a complaint with the HHS.
We would like to thank our guest writers on The NIS Blog! We feel it's an honor and a pleasure to have others participate and contribute to the great content, advice and opinions on and in our New Internet, we all live in... help us help them by supporting and visiting their sites!
Learn IT, DO IT, Teach IT, Share IT, BE IT
Your New Internet Security Partners
Dave Ballard & Bill Wardell
Radio Security Journalists
© 2006 - 2011 New Internet Security