What Information Do You Maintain that Must Be Protected?

Protect the information you maintain
Office of Public Relations
April 2005

The HIPAA Security Rule goes into effect April 21. Campus-wide policies have been drafted, thanks to the help of many people on all three campuses, and are posted on the UCD HIPAA web site. They can be found at http://www.uchsc.edu/hipaa/.

It is time for schools, departments, divisions – any unit (a group of people who work together and are somewhat distinct from the larger department, for instance, a lab) that creates, receives, maintains, or transmits electronic protected health information (ePHI) – to develop its own documentation on how it ensures the security of this information.

Look at the Best Practice Guidelines (http://www.uchsc.edu/is/security/securitypract.pdf) for more information on how to protect ePHI and other sensitive information. If you’re following the best practices in all applicable areas, you’re close to being in compliance with the HIPAA Security Rule.

A checklist for unit compliance is being developed to assist units with their compliance efforts. It will incorporate the Best Practice Guidelines, as well as instructions for developing documentation of special procedures in use in campus units.

Although the HIPAA Security Rule specifically describes required administrative, physical, and technical safeguarding of ePHI, as a general security measure, best practices should be extended to help us protect all of our sensitive information.

Begin thinking now about all the places where ePHI or other sensitive information such as social security numbers (SSN) may be stored:
• Do you keep it in files on your desktop computer?
• Class rosters, personnel files, patient notes that may be in documents like Word, Excel or e-mail?
• Do you keep ePHI on your laptop or PDA?
• How do you transmit ePHI – through e-mail?
• Connection to a database on a web site?
• Do you have documents containing sensitive research information that need to be protected?
• How about presentations or material to be published that might have data that you wouldn’t want made public before you’re ready?

These are all things to keep in mind when preparing your HIPAA compliance.

Questions? Contact the HIPAA office at HIPAA@UCHSC.edu or the HIPAA Hotline at (303) 72H-IPAA (724-4722).

Return to Vivat Online Front Page