Do you have access to Personal Health Information (PHI)? Is your firm involved in litigation where personal health care records are disclosed?

Fines for non-compliance are reaching record levels. Every law firm that deals with client health records is required by law to comply with HIPAA.

Some questions to ask yourself to determine whether you are compliant with HIPAA technology controls:

  • Are you confident that all your attorneys are educated on how to handle personal health information? Does your staff know what constitutes a breach or misuse of PHI?

  • Are the health care records encrypted within your organization? Does this include any access from mobile devices?

  • Do we utilize multi-factor authentication to access information remotely?

  • Do we have logs of employees who accessed PHI and when they accessed it?

  • Do we have a process for how and when to destroy PHI that was collected during a lawsuit?

  • Can we provide proof of the destruction? Was the destruction witnessed and documented?

  • Do we destroy all electronic copies of records? Does this include any device that was used to view the records: cell phones, iPads, tablets, attorney laptops?

  • All electronic records that were destroyed must either have the data overwritten with a series of characters or the disk reformatted. Simply deleting the file does not constitute destruction of an Electronic Medical Record.

  • Were any copiers used to copy personal health care records? Do the copiers maintain hard drives? If yes, do we delete the PHI after our mandatory retention period?

If you answer no to any of these questions, you need to arrange for a security assessment by a reputable, experienced provider with the appropriate IT credentials. The risks of non-compliance or a breach are too great to ignore. You simply need to read the current headlines to see the impact these breaches are having on firms.

Call FocusPoint Technologies today for a free two-hour discussion to determine if your firm falls under the HIPAA requirements and what actions you should take to ensure compliance.