by  Wyn Staheli, Director of Content
February 9th, 2015

How secure is your computer? Do you have a password on your computer? Do you have the automatic log offs turned on? Is your computer encrypted? Are your off-site storage files encrypted?

This document is designed to give some basic information about making your office a little more secure. It is not a substitute for a thorough HIPAA risk assessment.

However, there are some steps you can take right now to help cut your risk of identity theft, or security breaches. Take steps TODAY!

HIPAA & Passwords

Regardless of whether you are a HIPAA covered entity or not, passwords usage should be part of your office's Policies and Procedures Manual. HIPAA Complete offers a HIPAA Audit which walks you through your office to identify privacy and security shortcomings. Passwords are part of this audit process. HIPAA Complete has the logs, guidelines, and policy templates to get you started.


What is the big deal about encryption? Well, it is the best way to secure your computer against security breaches. What is encryption? Encryption is a process by which data is rendered unreadable/unviewable unless a "key" is used to unlock it. This is a great

"In cryptography, the Advanced Encryption Standard (AES) is an encryption standard adopted by the U.S. government. The standard comprises three block ciphers, AES-128, AES-192 and AES-256, adopted from a larger collection originally published as Rijndael. Each of these ciphers has a 128-bit block size, with key sizes of 128, 192 and 256 bits, respectively. The AES ciphers have been analyzed extensively and are now used worldwide, as was the case with its predecessor,[3] the Data Encryption Standard (DES).

AES was announced by National Institute of Standards and Technology (NIST) as U.S. FIPS PUB 197 (FIPS 197) on November 26, 2001 after a 5-year standardization process in which fifteen competing designs were presented and evaluated before Rijndael was selected as the most suitable (see Advanced Encryption Standard process for more details). It became effective as a Federal government standard on May 26, 2002 after approval by the Secretary of Commerce. It is available in many different encryption packages. AES is the first publicly accessible and open cipher approved by the NSA for top secret information .

Source: http://en.wikipedia.org/wiki/Advanced_Encryption_Standard

Hopefully everyone is using medical billing software that utilizes encryption for their "data at rest" - that is, data that is not moving anywhere on your hard drive. Sadly, most people do not realize that there is also a security "gap" when the data is NOT at rest. Here are three scenarios explaining when data is NOT at rest:

  1. Most programs let you export data from your computer. This is where it gets tricky. If you export data that contains Protect Health Information to a CSV file to any place on your computer that is NOT encrypted, then you are setting yourself up for a security breach. One reported security breach occured when an employee copied such a file to a USB drive which had the password taped to it!
  2. When you start your software program (even if properly encrypted when closed and password protected), your data is no longer "at rest". If your computer does not have firewall and spyware keylogger protection, you are setting yourself up for a security breach. Also, other users on your network who have access to that drive, will also have access to that data because it is opened for use.
  3. Emailing Reports from your software program to another provider is another case of data in motion. Most email servers are not encrypted - no, Gmail and Hotmail are NOT encrypted. Unless you you use encryption on the report itself there is no telling where that email will end up.

Even if you are using encryption on your software, if you wish to avoid the possiblity of a breach, there are also other measures that need to be taken. Here are a few Do's and Don'ts:

Do's and Don'ts

Don't do the following:

Do the following:

Encryption. (2015, February 9). Find-A-Code Articles. Retrieved from https://www.findacode.com/articles/encryption-resource-207-25414.html

© InnoviHealth Systems Inc

Article Tags  (click on a tag to see related articles)

Publish this Article on your Website, Blog or Newsletter

This article is available for publishing on websites, blogs, and newsletters. The article must be published in its entirety - all links must be active. If you would like to publish this article, please contact us and let us know where you will be publishing it. The easiest way to get the text of the article is to highlight and copy. Or use your browser's "View Source" option to capture the HTML formatted code.

If you would like a specific article written on a medical coding and billing topic, please Contact Us.


innoviHealth Systems, Inc.
62 East 300 North
Spanish Fork, UT 84660
Phone: 801-770-4203 (8-5 Mountain)
free demo
request yours today
free subscription
for any budget

Thank you for choosing Find-A-Code, please Sign In to remove ads.