
5. How can I prevent a HIPAA breach?

Follow these suggestions from the IT Security website: 

  • Store sensitive data such as Protected Health Information (PHI) on a server in the campus enterprise data center.
    • Your Tier One or IT representative can assist in identifying the proper server location and “shared” drive letter for your department.

     

    • Sensitive data must not be stored or maintained on desktop computers or unencrypted portable computing devices.

    Risks: Storing sensitive data on your local desktop places that information at risk in the event of a data-stealing malware infection. Syncing your mobile device with University systems such as email or other desktop applications has the potential to inadvertently store this information in an unprotected manner. Loss of an unencrypted portable computing device places sensitive data on the lost device at risk of unauthorized access. Such events can constitute a HIPAA data breach in which individuals will be held personally liable for HIPAA fines and penalties. See HITECH on the web at http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/index.html

    Regulations: Under federal and state law and University policy, computer systems containing sensitive data that have data-stealing malware infections, or unencrypted mobile devices that have been lost, are reportable as data breaches and must be identified to University officials. If you have any questions about your storage location or portable device, please contact your Tier One or IT representative.

     

    • If your business process requires storage of sensitive data on a portable computing device such as a laptop, flash drive, or smartphone, then that device must be encrypted with a Federal Information Processing Standard encryption mechanism. See http://it.ouhsc.edu/policies/PortableDeviceSecurityPolicy.asp

     

  • Install and use the most current security software available for your system to protect against malware infections and data breaches. Currently these include:
    • McAfee VirusScan and Anti-Spyware for MS Windows and Macintosh operating systems.
    • McAfee SiteAdvisor for Microsoft Internet Explorer and Mozilla Firefox.
    • McAfee Endpoint Encryption Full-Disk for laptop encryption.

    Contact your department Tier One or IT representative for more information before you install software on your desktop computer.

  • Follow safe Internet browsing and email practices.
    • Do not open suspicious email, especially email with unknown attachments or links to web sites.
    • Do not download non-University applications or unknown software from the Internet. Example: screen savers or browser add-ons.
    • Do not browse the web or access email for non-University-related business. See the Acceptable Use of Information Systems policy at http://it.ouhsc.edu/policies/AcceptableUse.asp

 





The University of Oklahoma Health Sciences Center

Office of Compliance
P. O. Box 26901
Oklahoma City, OK 73129
Phone: (405) 271-2511, (866) 836-3150
Fax: (405) 271-1076

    
Copyright © 2014 The Board of Regents of the University of Oklahoma, All Rights Reserved.