All the security tools in the world won’t stop a determined employee from stealing ePHI. You can dramatically lower the risk, however, by taking the following precautions, described in a recent posting at Data Breach Today.
As with all information security efforts, take a multi-pronged approach. Restrict access on a need-to-know basis, perform background checks, create ‘secure zones’ where electronic protected health information cannot be accessed, implement data loss prevention technology to restrict the use of USB ports and email, maintain good logging and monitoring controls, and regularly engage employees in IT policy training.
Best practices dictate a mixture of audits, training, investigations, response to complaints and regular notification of sanction policies, so that employees know that inappropriate access will not be tolerated.
By taking these precautions, you can limit your risk substantially and reduce your liability.
To read the complete article, go here: http://tinyurl.com/kjgxjma