PrivaPlan Blog

Phishing schemes: A HIPAA Security Reminder! Don’t fall victim to phishing schemes!


Recently we have noted an increase in the volume of phishing schemes. Some of these are relatively benign, forcing you to a website that promotes a product or service. But many of them can infect your workstations or networks with viruses, Trojans and other malware. Even more insidious, many phishing schemes “dupe” unsuspecting individuals (members of your workforce). For example, we are seeing phishing schemes that appear to be from legitimate organizations you do business with (American Express, Microsoft, Apple and so forth).

Once you open one of these emails you may be directed to a secondary website where additional information is requested, such as your email login and password. If you are particularly busy multi-tasking you could inadvertently enter this data and have your email and other systems compromised.
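The pattern described above (a trusted brand in the display name, a sender domain that merely resembles that brand, and a "sign in" link whose visible URL is not where it actually goes) can be screened for automatically before a message reaches a busy inbox. The following is an added example, not PrivaPlan's code or a tool the post describes. Both sample messages are constructed for the example, and the brand-to-domain map is an assumption for illustration; a real deployment would build that map from the organizations the practice actually deals with.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample messages for this example (not real mail). The first mimics the
# pattern described above: a trusted brand in the display name, a look-alike sender
# domain, and a "sign in" link whose visible URL differs from where it really goes.
PHISHING_EMAIL = """\
From: "American Express Customer Care" <alerts@amex-secure-login.example>
To: billing@clinic.example
Subject: Action required: verify your account
Content-Type: text/html; charset=utf-8

<p>Your card has been suspended. Sign in to restore access:</p>
<a href="http://198.51.100.23/verify">https://www.americanexpress.com/login</a>
"""

LEGIT_EMAIL = """\
From: "Microsoft account team" <account-security-noreply@microsoft.com>
To: billing@clinic.example
Subject: Your monthly invoice is ready
Content-Type: text/html; charset=utf-8

<p>View it at <a href="https://account.microsoft.com/billing">https://account.microsoft.com/billing</a></p>
"""

# Brands the practice deals with, mapped to the registered domains they really send from.
# Assumed values for the example; build this from your own vendor list.
KNOWN_BRANDS = {
    "american express": {"americanexpress.com", "aexp.com"},
    "microsoft": {"microsoft.com"},
    "apple": {"apple.com"},
}


class LinkExtractor(HTMLParser):
    """Collect (href, visible text) for every <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registered_domain(host):
    """Last two labels ('www.americanexpress.com' -> 'americanexpress.com'). Good enough
    here; a production tool would consult the public suffix list instead."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def html_body(msg):
    """Decoded text/html part of the message, or '' if it has none."""
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            raw = part.get_payload(decode=True)
            return raw.decode(part.get_content_charset() or "utf-8", "replace")
    return ""


def triage(raw_message):
    """Return human-readable findings; an empty list means nothing looked suspicious."""
    msg = message_from_string(raw_message)
    findings = []

    # 1. Display name names a known brand, but the address is not one of its domains.
    display, addr = parseaddr(msg.get("From", ""))
    sender_domain = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
    for brand, domains in KNOWN_BRANDS.items():
        if brand in display.lower() and registered_domain(sender_domain) not in domains:
            findings.append(f"display name claims '{brand}' but sender domain is {sender_domain}")

    # 2. Links: bare-IP targets, and visible URL text that disagrees with the real href.
    parser = LinkExtractor()
    parser.feed(html_body(msg))
    for href, text in parser.links:
        href_host = urlparse(href).hostname or ""
        if re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", href_host):
            findings.append(f"link points at a bare IP address: {href}")
        if text.startswith(("http://", "https://")):
            text_host = urlparse(text).hostname or ""
            if registered_domain(text_host) != registered_domain(href_host):
                findings.append(f"link text shows {text_host} but href goes to {href_host}")
    return findings


if __name__ == "__main__":
    for name, raw in (("phishing", PHISHING_EMAIL), ("legitimate", LEGIT_EMAIL)):
        print(name + ":", triage(raw) or "no findings")
```

Run stand-alone, the constructed phishing message produces three findings (brand/domain mismatch, bare-IP link, link text disagreeing with its href) and the legitimate one produces none. The checks are deliberately simple and will not catch every lure; they are a first filter, and the advice to ask IT or management before acting on a suspicious email still applies.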


We encourage all PrivaPlan users to keep their HIPAA security training current by issuing periodic reminders about phishing schemes and by instructing staff to always check with IT or management before opening a suspicious email or acting on anything in it.


Do you know where your ePHI is?

Recently we have heard of situations where the imaging systems in use by some of our larger medical practice and hospital clients transmit PHI automatically to the vendor for reliability and performance monitoring.


Of course vendors should have access only to the minimum necessary PHI to fulfill their service and support roles, and to the degree possible that access should be defined as a specific permitted use in the Business Associate Agreement. Additionally, we suggest:


· Ask the vendor to state in writing the specific PHI it needs to collect.

· Confirm that the PHI is collected over a secure transmission protocol (for example, TLS with certificate validation, not unencrypted FTP or HTTP).

· Define what the vendor does with the PHI once the agreement is terminated and/or when the data is no longer necessary.

· Require the vendor to obtain your approval before “pulling” any additional data.

· Establish that the data is stored securely at the vendor’s site.


For our detailed newsletter with exclusive content & more helpful tips on PHI & Phishing Security, purchase a PrivaPlan Toolkit subscription in our STORE to keep up to date with your HIPAA compliance!