Safeguarding ePHI (Go back)

Recommendations to safeguard ePHI
(Electronic Patient Health Information)

• Use your H: (home drive)
  
  • Instead of using laptops or other portable devices to store ePHI (Electronic Patient Health Information), use your Partners H: drive, which is securely maintained by Partners IS and available and accessible to users of PC's and Macs.
  • If you need access to the data from a computer outside the Partners network, connect to the Partners network via VPN and access the data on your H: drive.
  • While connected via VPN, do not save ePHI to your home computer’s drive or any non-Partners drive.
• Use a USB drive such as Ironkey with encryption and password protection
  
  • If you must transport identifiable data to another computer outside the Partners network, do so via a password protected portable drive that encrypts the data such as Ironkey.
• Clear your browser cache
  
  • If you are viewing data in a web browser, clear the web browser cache when you are done; click here to learn how.
• Code HIPAA identifiers
  
  • If using a laptop or portable device, code HIPAA identifiers and keep the key to the codes in a separate spreadsheet, database, Word document, or paper copy.
  • If all identifiers are coded or are not included in the data that are transmitted/copied to other computers or portable drives, the HIPAA Security Rule doesn’t apply.
• Employ secure password practices
  
  • Password protect all devices: servers, desktops, portables, removable media; consider using a USB drive like Ironkey.
  • Create secure passwords, 6-8 characters with at least one capital letter and one digit.
  • Protect your passwords; don’t share them or post them next to the machines to which they belong.
  • Use a unique password for each machine and for each user.
• Encrypt your hard drive
  
  • If you are a Mac user with ePHI on your hard drive, encrypt with FileVault, a utility that comes with your OS. See FileVault for OS 10.5 and FileVault for OS 10.4
  • If you are a Windows user with ePHI on your hard drive, use the Partners drive encryption utility, Safeboot, which will be rolled-out soon and announced on this site's homepage.
• Keep current with patches
  
  • Secure new devices before connecting to the Network by applying all security patches using Windows and Apple Software Update.
  • Do the same to keep existing desktops, laptops, and servers secure. Visit Partners Research Computing website HERE for PC information and HERE for Mac information, or call the Help Desk and request that a tech stop by to assist you.
  • Request Partners Information Security to do a vulnerability scan on your servers; this is quick, free and will identify potential security risks and how to patch them.

• Install and update anti-virus and anti-spyware software
  
  • Install anti-virus software, set it for auto-update, and for scheduled scans. Visit Partners Research Computing website HERE (internal link) for information.
  • Install and run anti-spyware software regularly as you would anti-virus software. Visit Partners Research Computing website HERE (internal link) for information.
• Password enable your screensaver
  
  • Non-Partners build PC’s and Macs do not have the built-in screensaver timeout feature that Partners PC’s have. Always logout and clear the browser cache before walking away from a non-Partners build PC or Mac after viewing ePHI.
  • Configure a password enabled screensaver on non-Partners build PC’s and Macs that host or are used to view ePHI; this may not be possible in all instances.
  • For directions on how to configure a password enabled screensaver for the Mac, go HERE (see last paragraph for password information). For a PC with Windows XP, go to point #6 HERE .
• Hardware disposal
  
  • Securely dispose of all devices that housed ePHI (PC’s, Macs, servers, hard drives, other removable media).