iamkion132
n00b
- Joined
- Feb 27, 2007
- Messages
- 57
Sorry if this is the wrong forum/place to ask. I work at a senior home and I was wondering if there are any sort of HIPAA rules that govern how to deal with employee termination?
![[H]ard|Forum](/styles/hardforum/xenforo/logo_dark.png){kind=logo}
Navigation
Install the app
How to install the app on iOS
Follow along with the video below to see how to install our site as a web app on your home screen.
Note: This feature may not be available in some browsers.
More options
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an alternative browser.
You should upgrade or use an alternative browser.
HIPAA question regarding employee termination
- Thread starter iamkion132
- Start date
StarTrek4U
Gawd
- Joined
- Jan 8, 2003
- Messages
- 1,011
I'm no expert but I don't think so, HIPAA applies to patient medical records primarily. You may have GLBA or Sarbanes/Oxley issues to deal with however, is there a specific question you have?
Besides disabling all their accounts any generic accounts (a HIPPA violation on their own) should have their passwords changed.
Also if you think it would be an issue I found it useful to contact any of the primary vendors they worked with frequently.
Other than that I am not sure if anything else if necessary, unless they have taken data home with them.
Also if you think it would be an issue I found it useful to contact any of the primary vendors they worked with frequently.
Other than that I am not sure if anything else if necessary, unless they have taken data home with them.
http://www.texmed.org/Template.aspx?id=1501
While HIPAA doesn't state anything specific to termination that I am aware of, you still need to consider security during and after an employee exists the company. You want to make sure any privileges are revoked. You should also consider, if you don't already, making an employee sign a confidentiality agreement.
I also have to state that I am not, nor is this forum, lawyers. This is more of a question for your legal counsel and those who create your company policies.
While HIPAA doesn't state anything specific to termination that I am aware of, you still need to consider security during and after an employee exists the company. You want to make sure any privileges are revoked. You should also consider, if you don't already, making an employee sign a confidentiality agreement.
I also have to state that I am not, nor is this forum, lawyers. This is more of a question for your legal counsel and those who create your company policies.
iamkion132
n00b
- Joined
- Feb 27, 2007
- Messages
- 57
I'm no expert but I don't think so, HIPAA applies to patient medical records primarily. You may have GLBA or Sarbanes/Oxley issues to deal with however, is there a specific question you have?
I am their IT intern and my boss asked me if I was familiar with any rules or regulations regarding such termination including but not limited to HIPAA. They are creating some new policies and want to make sure that they are following any law correctly. This was said in passing so I didn't catch too much of it and I haven't had time to sit down and talk with what they are asking me to do.
Basically, it boils down to what happens when an employee is terminated/quits and what laws and regulations would they (the senior home) have to follow regarding this? Do we keep the employee's computer that they used stored for X years etc. If there are any resources that I could use to help me figure some of this out on my own that would be great.
StarTrek4U
Gawd
- Joined
- Jan 8, 2003
- Messages
- 1,011
I don't have any legal resources that I've used, but based on the number of audits that we've gone through (I work at a bank) basically what I can tell you is this:
Establish a procedure that basically relies on common sense, when the user leaves there needs to be some sort of paper/audit trail that can be followed, so their supervisor notifies HR, HR notifies IT within 24 hours who at that point immediately disable/remove access to the network and applications, their supervisor gets access to their email and network directory to search for relevant information and after a certain period the rest is deleted. You and your supervisor will know your industry better than me, but something along these lines should suffice. There may be some special care required for medical staff with access to patient data but again, I can't answer that for you.
Establish a procedure that basically relies on common sense, when the user leaves there needs to be some sort of paper/audit trail that can be followed, so their supervisor notifies HR, HR notifies IT within 24 hours who at that point immediately disable/remove access to the network and applications, their supervisor gets access to their email and network directory to search for relevant information and after a certain period the rest is deleted. You and your supervisor will know your industry better than me, but something along these lines should suffice. There may be some special care required for medical staff with access to patient data but again, I can't answer that for you.