HIPAA Security Rule Takes Effect Today

By Lisa Cisneros

Attention all employees of the UCSF workforce who use, create, transmit, or store confidential, electronic patient information: the Security Rule of the Health Insurance Portability and Accountability Act (HIPAA) goes into effect on Wednesday, April 20. All new employees must obtain the mandated training on the "Security of Electronic Information." The HIPAA security rule affects all health care providers, both institutions and individuals, and sets national standards for protecting and securing patient confidential health and financial information. UCSF has made it a priority to protect patient privacy through its own policies and by adhering to various state and federal laws that mandate the protection of confidential, patient health and financial information. The risk of improper access to electronically stored information, including cyber terrorism or hacking, and the theft of data on laptop computers or hand-held devices, threaten the confidentiality of patient and personal data. The HIPAA security rule poses new requirements and challenges for compliance, especially in securing confidential information that is used, disclosed, received, transmitted or stored electronically. The rule, when coupled with the penalties for violations of the HIPAA privacy rule and state law regarding social security numbers, raises the stakes for security lapses. Individual Responsibility The security rule places specific responsibility on each person who maintains, creates or transmits electronic health information, including protected health information and social security numbers, to implement reasonable and appropriate security safeguards; to receive training on the risks to confidential information; and to reduce risks at the individual's work station. To adhere to safe computing guidelines it is important to: • Use strong passwords that are hard to guess. • Keep passwords confidential. • Log off a computer before walking away from it. • Limit the confidential information sent via email to the minimum necessary to do the job. • Report erratic computer behavior or suspicious incidents to a department manager or IT Customer Support. • Report lost or stolen devices to UCSF Police at 415/476-1414. To obtain training on the security of electronic information go to the HIPAA website. New employees should also talk with their department manager regarding scheduled training sessions. Source: Lisa Cisneros

Related Links

Campus Prepares to Implement HIPAA Privacy Rules UCSF Works to Implement HIPAA