HIPAA Obligations – Protect Confidential Information

HOW? Be knowledgeable and compliant. What measures come to mind when thinking how to protect against HIPAA violations?

---

• Refrain from sending PHI via e-mail that isn’t secure – correct.
• Use ShareFile for secure transfer of records – correct.
• Don’t access protected information in public spaces where it might be seen – correct.
• Utilize business associate agreements – correct. 

 
WHY? Peer reviewers have a contractual obligation to protect confidential information.  As CIMRO’s Business Associate, you must have in place the necessary administrative, physical and technical safeguards to protect confidential information. 

WHAT? Safeguards might include:
​

• Workstation/personal device use and security with access controls
• Password management and unique user identification
• Encryption and secure transmission
• Risk analysis and risk management processes

 
The US Department of Health & Human Services offers training materials and guidance to help entities implement privacy and security protections. The Office of Civil Rights has significantly stepped up audits and has imposed monetary penalties for non-compliance. 
 
NOTE - No non-confidential, de-identified data resulting from activity funded by CIMRO may be published in any manner without CIMRO’s prior written consent.