July 2024
Keep patients’ information secure
Unauthorized access to patients’ protected health information is a serious threat to all health care providers. In addition to personal health details, patient PHI often contains other valuable information such as Social Security numbers, dates of birth and account details. For these reasons, office administrators must do everything they can to minimize the risks associated with unauthorized access.
To help safeguard patient PHI and comply with federal law, office administrators are encouraged to incorporate the following steps as best practices:
- Account management
  - Support a centralized tool for user account creation, modification and termination.
  - Define, review and update access permissions to align with job roles and responsibilities.
  - Provide clear instructions for employees to report any issues or concerns.
  - Provide a clear policy outlining employee access rights and privileges, such as executing suitable member inquiries.
- Access review frequency
  - Initiate access reviews when employees change roles or departments; revoke access promptly.
  - Schedule quarterly or biannual audits of access levels to ensure compliance.
  - Update employee access and roles to align with current job functions.
Set up procedures for promptly revoking access upon employee termination.
- Coordinate with the Human Resources department to ensure access termination aligns with employee departure dates.
- Conduct post-termination access audits to verify access removal.
For more useful tips, refer to the Keep Office Information Secure document on ereferrals.bcbsm.com.