HIPAA Security Walkthroughs
The Office of HIPAA Privacy and Security conducts random unannounced walkthroughs of the various sites of service of the University of Miami Health System in order to review practices that safeguard protected health information (PHI).
Below are some elements that are observed during walkthroughs:
- Notice of Privacy Practices is posted in patient registration/waiting areas
- Staff are wearing name badges
- Visitors are being monitored or escorted through restricted areas
- Conversations regarding an individual’s diagnosis, financial information, or other health information are not easily overheard by others
- Patient lists such as appointment or procedures with PHI are not readily visible by unauthorized individuals
- Documents containing patient information i.e. patient charts, lab reports are left unattended & accessible by the public
- Confidential information is not discarded in trash receptacles
- Computer passwords are not being shared or posted
- Computers left unattended are locked or logged off
After the walkthrough is conducted, a report is prepared outlining the findings, including deficiencies and recommendations for corrective action, if applicable. The report is distributed to either Vice Chair for Clinical Administration and/or facility leadership, for follow up as necessary.
If you have questions about this process, please contact the Office of HIPAA Privacy and Security.