Whether this is a HIPAA violation will depend heavily on who is sitting near you and what their job roles are....
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
Ideally, your coworkers are also dealing with HIPAA or other compliance related data, so they also are trained in how to handle protected data.
Assuming they are not trained, this situation is certainly a HIPAA violation in the making, if it isn't one already. Lack of private space means the potential for accidently leaking someone's personal health information (PHI) is much higher. Even when walking away from your desk for a few minutes, you now have to lock up any paper files and ensure that the screen saver has locked your monitor as well.
Since it's impossible to purchase a "Get Smart" cone of silence, there are a couple of other options. For starters, see if you can arrange to get a private office with locking file cabinets. If that's not realistic, hopefully there is a conference room or other useable private space to use for meetings with customers.
Regardless of the final solution, this is a prime opportunity to discuss your concerns with management. While they are doubtlessly aware of the existence of HIPAA, they may not be aware of the full extent of the regulation or that protected data is necessary for your day-to-day duties. Even in an organization that has a strong compliance program, it is not unreasonable to assume that management may be unaware of the logistical issues involved with the physical handling of data. Regardless, make managers aware of the situation so they can make the appropriate risk assessment and take appropriate actions.
- What's the best strategy to catch up with HIPAA compliance quickly? Read more.
- Is it against HIPAA regulations to permanently store sensitive data? Find out in this expert response.
Related Q&A from David Mortman
While IT security consultancies can be helpful when trying to find flaws in an information security management framework, there are ways to do it ...continue reading
PCI DSS audits can be a lot easier if the scope is narrow. Learn how to consolidate and store sensitive data in order to best reduce PCI DSS security...continue reading
When hiring an information security team member, how important is a certification in information security? Learn how to talk to executives about ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.