Employee Files & What to Do With Them

By: Valery Bond, RHIT

As healthcare professionals, we take pride and care in the details of maintaining our employee files. Certain items must be kept separate from the others, and files must be securely locked and out of reach of co-workers’ hands. Personnel’s personal information must be protected. We all know these things and probably already have a procedure in place for compliance.

Whether your facility has been deemed accredited (Joint Commission, for example) or is just starting up, employee files must be maintained, reviewed, audited, and kept according to retention requirements. Knowing which laws apply aids in keeping your business compliant. For example, pursuant to ERISA laws, there is no specific time period to maintain records that reflect age, marital status and/or service records. The Social Security Act states that employees’ Social Security numbers must be kept four years from the tax due date or payment of tax, whichever is later. So, there’s a lot of tracking going on.

HIPAA Security Basics: Keeping your Medical Web-Based Business Compliant

By: Shobha Lizaso

Medical web-based businesses have been on the rise, while the number of HIPAA enforcement actions by the US Department of Health and Human Services (HHS) has risen exponentially as well. Since the beginning of this year, HHS has announced several large settlements with companies that failed to comply with HIPAA compliance requirements. For example, in January, HHS announced a $2.2 million settlement with a health insurance company when a breach resulted from a stolen portable USB device containing PHI. Also, in February, HHS announced a penalty of $3.2 million against a medical center for a breach that arose from the theft of an unencrypted laptop containing PHI. This enforcement activity is becoming the norm, so it is best to ensure that your medical website is legally compliant.

If you are handling any PHI on or through your website, you must ensure that your website is up to speed with HIPAA compliance. Here are some recommendations to address the security and privacy of PHI that your website may manage (please note that this is not a comprehensive list):