Healthcare Asset Management

As part of the practice of handling protected health information (PHI) during their regular duties, healthcare providers must take precautions to safeguard sensitive information. The Department of Health and Human Services (HHS) recommends ten practices that anyone handling PHI needs to implement, the fifth of which is healthcare asset management.

What is Healthcare Asset Management? 

Healthcare asset management, as HIPAA views it, refers to tracking and maintaining any device that stores or accesses electronic protected health information (ePHI). Although not explicitly mandated by HIPAA law, asset management addresses several aspects required under HIPAA. 

The HIPAA Security Rule requires organizations to maintain a record of the movements of hardware and electronic media and any person responsible thereof. Part of an effective asset management policy is taking an inventory of all devices accessing ePHI, and anyone using that device. 

Additionally, the HIPAA Security Rule requires an organization to identify where ePHI is stored, maintained, received, or transmitted. Healthcare asset management also addresses this. 

In the event of a HIPAA audit, the Office for Civil Rights (OCR) will want to: 

  • Know how the location and movement of media and hardware containing ePHI are tracked
  • Obtain and review policies and procedures
  • Evaluate the content relative to the specified criteria regarding tracking the location of ePHI media and hardware”

HIPAA & Cybersecurity

HIPAA and cybersecurity go hand-in-hand. Protect your business, become compliant today!