HIPAA – YOUR Obligation to Protect Confidential Information

When you think of protecting against HIPAA violations, what measures come to mind? Refrain from sending PHI via e-mail that isn’t secure? Use ShareFile for secure transfer of records? Don’t access protected information in public spaces where it might be seen? Utilize business associate agreements?  All those answers are correct.

---

As a Business Associate, peer reviewers have a contractual obligation to protect confidential information. 

• You must take and have in place the necessary administrative, physical and technical safeguards to protect confidential information. 
• No non-confidential, de-identified data resulting from activity funded by CIMRO may be published in any manner without CIMRO’s prior written consent.

 
Safeguards might include:

• Workstation/personal device use and security with access controls
• Password management and unique user identification
• Encryption and secure transmission
• Risk analysis and risk management processes

 
The US Department of Health & Human Services offers training materials and guidance to help entities implement privacy and security protections. The Office of Civil Rights has significantly stepped up audits and has imposed monetary penalties for non-compliance.  Be knowledgeable and compliant.​