Uncategorized

Monitoring PHI

By January 22, 2014 No Comments

Over the past year MRIoA has been evaluating The U.S. Department of Health and Human Services (HHS) Office for Civil Rights Omnibus HIPAA final rule.  It implements a number of provisions to strengthen the privacy and security protections of the Health Information Technology for Economic and Clinical Health (HITECH) Act and the Health Insurance Portability and Accountability Act of 1996 (HIPAA).  Clearly patient privacy and its enforcement is an even more serious matter for all covered entities and business associates.

In an effort to continually improve our security measures with respect to protecting patient privacy, MRIoA has been testing a robust application that is designed help us identify the location of protected health information(PHI) on our networks.  In the event information is accidentally or intentionally misfiled on our network at a location that is not designated for PHI, this application will help us find it and move it to the appropriate location.  Additionally, access to every file is monitored, giving a robust audit trail with an increased ease for incident response investigations and privacy audits.

In a single application, we will be able to identify PHI outside of known locations. We will know who has permission to access it, and ultimately who did access it.   MRIoA is always looking for new ways to improve how we protect the most sensitive of data and be compliant with the Omnibus HIPAA final rule.

Don Murphy Jr., MS, CISSP

Vice President, Information Technology

Leave a Reply