top of page

Data Security Requires Building Security!

Writer's picture: Diane EvansDiane Evans



By Diane Evans


new report from the U.S. Office for Civil Rights (OCR) sends a particular wake-up call to long-term care providers.  The finding: More than one-sixth of data security breaches occur as a result of lost or stolen equipment.

By contrast, the report indicates that only 7% of data security decision-makers are concerned about equipment losses. 

This is especially relevant to long-term care, due to the wide range of places where electronic equipment could reside - from unlocked vehicles to home offices.  Think about:


  • Workstations

  • Servers

  • Laptops

  • External hard drives

  • Backup devices

  • Flash drives

  • Smart phones

  • Cameras

  • Fax machines

  • Copiers


For executives within long-term care, the challenge becomes oversight and systematic management of data everywhere it exists. 

Here are some things to keep in mind for implementing a proactive building security plan:


  • Implement facility access controls with as much thought as you would secure your home. Make sure you consider all places where Private Health Information (PHI) may be accessed within physical locations.  Remember to check the security of places where old paper documents are stored.



  • Make sure to meet HIPAA requirements for policies and procedures to limit physical access to electronic information systems, and the facilities in which they are housed.   Access should be on a need-to-know basis only.



  •  Prepare the following, all of which are mandated under HIPAA and must be documented


Action Item for Long Term Care Executives: refer to the OCR report for more details.  Or, for a handy eight-page Building Security Task List to use in making assignments and tracking progress, visit www.guardededge.com for a free download. 

#HIPAA Compliance

#Data management for long-term care

#Data security best practices for long-term care


About the author

Diane Evans is founder of Guarded Edge, which offers training and an in-house implementation plan for compliance with the Health Insurance Portability and Accountability Act (HIPAA) within long-term care.  Diane can be reached at devans@guardededge.com.  She has offered accredited training for state and national organizations, including the Health Care Compliance Association and the Cleveland Metropolitan Bar Association. 

5 views0 comments

Recent Posts

See All

Take a Lesson from Change Healthcare

Change Healthcare issued a statement last week, saying it has substantially completed its review of last year’s data breach that impacted...

Proposed Changes in HIPAA Rules Help YOU!

By Diane Evans  Recently, the U.S. Office for Civil Rights (OCR) proposed stronger rules for data security and compliance under the...

留言


Guarded Edge LLC

526 S Main St  - #104

Akron, OH 44311

  • LinkedIn
bottom of page