3 Replies

  • For HIPAA it comes down to "Least Permissions Necessary". Does the intern NEED access to patient information? If no, then you only allow permissions to systems and areas that are PHI free. If the answer is yes, then make sure whatever they are accessing has the least amount of permissions to accomplish their assigned tasks/duties. You will also want to do some risk assessment and note any mitigations where risk is increased. Give the intern the same trainings anyone else on your staff has to have. Make sure they sign any compliance or Acceptable Use Policies that are in place. Working with any end users in a healthcare setting presents some kind of exposure to PHI: you log on to a remote session where they have PHI on the screen - they should probably have exited or minimized applications with the information, but sometimes they "forget". If you can't mitigate the risk to acceptable levels, you will have your answer. Otherwise, if you really want to train them on working in IT in a healthcare setting, you will have to realize some access may be unavoidable and you need to put policies and procedures in place to keep PHI safe.

  • No.

    But the real question is, "Do I have an agreement in place (such as an employment agreement) where the interns agree to be bound by my policies and procedures regarding PHI?" And, another question is, "What recourse do I have against the intern if they violate my policies?"

    Ultimately, your company is responsible for the consequences of any violation. Handing PHI to an unpaid intern with no employment agreement is the same as handing the PHI to a stranger in the lobby.

  • Yes, of course.

    But if you apply your compliant procedures for PHI access also to your interns, then the answer is no. These procedures also include prerequisite training and approvals, as Brian has reminded. And relating to Robert's sample of an unpaid intern, not signing a contract even with an unpaid intern is non-compliant and irresponsible too. It depends on jurisdiction if such a contract may be called a work contract or an employment contract.

