Although advancements have been made in health information storage and retrieval, health information security is still a primary concern of health care facilities and patients. While using electronic health records eliminates some of the security issues associated with using paper records, it can still be a challenge to maintain complete security over these systems. Ensuring that this confidential information is protected involves establishing and enforcing access and distribution policies.
Instructions
1. Inform staff of established policies. Hold periodic in-services to keep staff updated with access and distribution policies. Ensure that staff members understand the confidential nature of health information and the penalties for access violations. Make it clear that no staff member should attempt to gain access to information that is not necessary for his work completion. This includes searching for information about neighbors or celebrities.
2. Change access codes periodically. This limits the possibility of codes being stolen and misused. Require access codes to contain a combination of numbers, letters and special characters for greater security. Instruct staff members to memorize their codes and to never share them with each other. Consider using a system that initiates a lockout following a specified number of unsuccessful login attempts.
3. Perform regular database maintenance. Prevent health information from being corrupted or compromised by ensuring the electronic storage system is adequately maintained. Store and back up information on a secure server. Restrict database access to as few administrators as possible.
4. Set firm guidelines for information requests. Although each patient should have access to his health information, there must be guidelines in place for security reasons. Require photo identification and a legible signature for patient requests. Require completed authorization forms and patient approval before fulfilling third-party requests. Never give out more health information than is specified or allowed by office policy. For example, certain health information is given greater protection under federal and agency access regulations.
5. Monitor usage of health information systems. Perform regular checks to ensure that information isn't being accessed by unauthorized individuals. Track usage by individual user or department to validate each access and distribution occurrence. Keep a discrepancy log for immediate follow-up with each individual.
Tags: health information, access distribution, access codes, access distribution policies, distribution policies, Perform regular