This series is relevant primarily for employees who regularly handle medical records in doctor’s offices, healthcare organizations, and hospitals.
NINJIO has released a HIPAA compliance track consisting of 3 episodes. Following the NINJIO tradition, these episodes are inspired by real-life HIPAA breaches, and our teaching will focus on typical end users who handle medical records.
Verify the email address of whoever you’re sending an email to before clicking the send button.
Call anyone who is requesting electronically protected health information (EPHI) in order to verify their identity.
Use hardware encryption for any portable devices which access, transmit, or store EPHI.
Wipe the hard drives of any old devices – or physically destroy them – before they are disposed of to ensure criminals can’t access any of the information that’s still stored there.
Under HIPAA, a staff member must not access an electronic health record unless it’s necessary to do their job. Accessing a record without that need is a violation of federal law and the patient’s civil rights.
EPHI should never be sent without proper encryption.
Only the minimum amount of information should be sent to satisfy a request, and the email account should be protected with a strong, complex password.
HIPAA violations must be reported when they are discovered. Failure to do so is a HIPAA violation.
Explains the Office of Civil Rights and its involvement with HIPAA.
Stresses the importance of security awareness training for hospital staff.
Reviews the important points introduced in episodes 1 & 2.