Data Breach – Encrypted PHI

ADMINISTRATIVE PROCEDURES
LifeStream Services, Inc.
Policy Name: Encrypted PHI
Department: Administration
Initial Date: January 28, 2011
Authorized by: _______________________________________________________
Kenneth Adkins, President/CEO
PURPOSE:
The purpose of this policy is to ensure that mobile computers containing Protected Health Information (PHI)
are properly encrypted to prevent breach and misuse of such information in the event the mobile computer is
lost or stolen. The compelling reason for this policy is the introduction of the Health Information Technology for
Economic and Clinical Health (HITECH) Act, which requires HIPAA-covered entities to send notification
letters if there is a breach of unsecured PHI. However, as HHS pointed out, the use of encryption grants safe
harbor in the event of a breach because encrypted PHI is not unsecured PHI.
POLICY:
All mobile computing devices containing PHI and that are at risk of breach will be encrypted with
an Advanced Encryption Standard (AES) encryption technology. LifeStream Services will also
implement and maintain an encryption key management policy.
PERSONNEL AFFECTED:
Any personnel using mobile computing devices that contain PHI and are at risk of breach.
PROCEDURE:
1. The hard drives of all mobile computers containing client information will be encrypted with a
HIPAA compliant encryption technology.
2. The IT Support Specialist will generate the encryption key for each mobile computer and keep a
text copy of the key on file, as well as make it available to affected personnel's supervisors in the
event the key is forgotten.
3. Affected personnel will be responsible for memorizing the encryption key and will not be allowed to
keep a written or other text copy of the encryption key with their mobile computer.
4. A rescue disk will be kept on file by the IT Support Specialist that will allow restoration of the
device in the event of encryption key failure.
5. All Flash / Zip drives must be encrypted by IT if Protected Health Information is on the drive.
(This includes Insite back-up files.)
Page | - 1 Printed: 2/17/2016 7:22 AM
106750853
6. All email sent containing Protected Health Information (PHI) will be sent encrypted or via secure
email website. Staff utilizing encrypted email will receive training in the process.
REVISION DATES:
1/9/12
5/25/12
5/3/13
5/1/14
8/22/14
8/3/15
Please track revision dates in the table above.