Friday, April 07 |
EHR systems are software or an electronic program that keeps client charts safer and more secure than traditional paper charts.
Since mental health EHRs contain protected health information (PHI) in a secure hosting environment, whether cloud-based or on-site, they are accountable to HIPAA compliance.
Here are the top 5 considerations for HIPAA and EHR implementation.
Your first action step should be to update policies and procedures for employees to follow the HIPAA safeguards. A well planned policy and procedure manual distributed to staff will help you make sure everyone knows what privacy and security of PHI entails.
Next, provide stringent training to employees so they are aware of and on the lookout for security risks and malicious attacks. Make sure you document employee training for verification.
Finally, make sure you run background checks on all employees.
Create physically inaccessible safeguards to prevent against unauthorized individuals. This could be as simple as locking office doors and ensuring your EHR system has an automatic logoff feature for idle workstations.
You also need contingency plans in place in case of emergencies. Cover who has access to PHI and how PHI is accessed.
Thirdly, each employee should have unique passwords and PINs a central position monitors. It is also good to change passwords periodically.
Lastly, make sure you can password protect certain windows or screens in your EHR to restrict access to only those who need it.
A system audit is a log that captures all attempts to access EHRs and PHI and documents the access results.
Identify weaknesses in how users access your behavioral health EHR system that could leave a hole for unauthorized users. Make each employee aware of proper procedures to tighten up any holes.
Next, you should educate users on how to detect possible security breaches or attempts. This is an ongoing practice requiring awareness training and refresher courses to keep everyone diligent.
Finally, publish the consequences to employees for not complying with HIPAA guidelines and your policies and procedures.
Data encryption is one of the most important aspects of HIPAA and EHR implementation. Make sure your EHR platform encrypts data during transmission and decrypts received data.
To make the most out of your encryption procedures, use data encryption best practices and expert methods.
When it is time to dispose of PHI, make sure you do it properly. Create policies and procedures for PHI destruction and disposal and make sure staff adhere. This is applicable for both electronic and paper PHI.
Remove any data from hardware you are repurposing, and keep track of where hardware moves and the loaded information on each machine.