This series is relevant primarily for employees who regularly handle medical records in doctor’s offices, healthcare organizations, and hospitals.
NINJIO has released a HIPAA Compliance track consisting of 3 Episodes. Following the NINJIO tradition, these Episodes are inspired by a real-life HIPAA breach, and our teaching will focus on typical end users who handle medical records.
Verify the email address of whomever you are sending an email to prior to clicking the ‘send’ button.
Call anyone who is requesting electronic protected health information (EPHI) in order to verify their identity.
Use hardware encryption for any portable devices which access, transmit, or store EPHI.
Wipe the hard drives of any old devices – or physically destroy them – before they are disposed of to ensure criminals can’t access any of the information that’s still stored there.
Under HIPAA, a staff member must not access an electronic health record unless they need to do so to do their job. Accessing a record without that need is a violation of federal law and the patient’s civil rights.
EPHI must be encrypted when it is sent; it must not be sent via text message from personal devices without proper encryption.
Only the minimum amount of information should be sent to satisfy a request, and the email account should be protected with a strong, complex password.
HIPAA violations must be reported when they are discovered. Failure to do so is, in and of itself, a HIPAA violation.
Explains the Office of Civil Rights and its involvement with HIPAA.
Stresses the importance of security awareness training for hospital staff.
Reviews the important points introduced in Episodes 1 & 2.