Protected Health Information and HIPAA
Confidential patient data items are stored in your local eNICQ database. Patient identifiers are protected health information as specified in the US Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the regulations implementing HIPAA. eNICQ has been designed to ensure that protected health information cannot be sent to Vermont Oxford Network (“VON”) unless the submitting member has the appropriate agreements in place with VON. Hospitals in the US must implement measures to protect protected health information from unauthorized access, as specified in the HIPAA Privacy and Security regulations. Users of eNICQ software should be sure to comply with local hospital policies and good information security practices to protect data in the eNICQ database. Hospitals outside of the US should work with their legal and information security departments to determine the appropriate safeguards required in their jurisdiction(s).
Your IT department should review security measures in place at the database level to ensure that the application is implemented to be accessible only to hospital staff members who have permission to access the data.
If you are unsure about the adequacy of your information security safeguards, or have any difficulty implementing the instructions in the guide, please consult your IT department or a qualified information security professional for assistance, in order to help prevent HIPAA violations and potential breaches of information security.