All of your workforce members must be mindful of their responsibilities when given access to information “assets” such as hardware, software, storage media, etc. Such access is a privilege and should only be used for legitimate, job-related activity.  The recent Resolution Agreement between UCLA Health System and OCR is a clear example of abuse of information system privileges.  Learn more about what you and your company should be doing…

Using such access to look up family members, friends, celebrities and other employees without a genuine, job-related need is an abuse of such privilege and may subject the individual to sanctions, up to and including termination.

In particular, the HIPAA federal law and associated regulations protect the privacy and security of patients’ health data.  You may have been asked to sign a HIPAA confidentiality statements and are likely governed by both your company’s HIPAA policies as well as your company’s information system policies.

These policies apply to ALL workforce members regardless of tenure or rank.

In this regard, employees must guard their authentication credentials such as username and password. Do not share your password with any other workforce member. You do not wish to be held accountable for actions committed by another workforce member using your username and password. If you suspect your password has been compromised, please change it immediately.

Never leave your workstation unattended for any extended period of time, especially when displaying/accessing sensitive information. Before leaving, lock your workstation and/or close the relevant application (Windows users can use <Ctrl + Alt + Del> and select “Lock computer”).  Use a password-protected screensaver which activates after a suitable time (15 minutes or less) in case you are unintentionally away for longer than expected.

The complete HIPAA Privacy, Security and Breach regulations are here.

Contact us for more information or to learn about a tailored Clearwater HIPAA Audit Prep WorkShop™ or the Clearwater HIPAA Audit Prep BootCamp™ series.

More HIPAA HITECH Resources:

The complete HIPAA Privacy, Security and Breach regulations are here.

Join our AboutHIPAA LinkedIn Group:
Follow us on Twitter
Subscribe to our eNewsletter
Attend a live educational webinar.

Series Navigation<< HIPAA Privacy and Security Reminders – Sanction PolicyHIPAA Privacy and Security Reminders – Instant Message or Instant Mess? >>

Bob Chaput

CEO at Clearwater Compliance
Bob Chaput is widely recognized for his extensive and in-depth knowledge of healthcare compliance and cyber risk management, and is one of the industry’s leading authorities in healthcare information security today. As a leading authority safeguarding health data, Chaput has supported hundreds of hospitals and health systems to successfully manage healthcare’s evolving cybersecurity threats and ensure patient safety.