Tuesday, November 22, 2022 11:00 AM

HIPAA & The Holidays: Tips to Maintain Compliance

Written by Jackie Lo, Senior Privacy Analyst - iatricSystems


It's the most wonderful time of the year, but for healthcare professionals, it can also be one of the busiest. As you celebrate with your family and friends, don't forget about HIPAA policies and other privacy regulations that must be followed even during the holiday season. Here are some tips to help you stay on track and maintain compliance while still enjoying all the festivities.

Protecting PHI — As at any time of the year, protecting patient PHI is of the utmost importance. However, during the commotion of the holidays, this can be easier said than done.

  • If you're working in an area where there might be an uptick in patients, make sure you're prepared for the extra work before it comes your way.
  • Keep your eyes peeled for insider snooping, as relatives are likely to check in about their loved ones to see if they'll be discharged before the holidays.
  • Be wary of the fact that more employees will be taking vacation. When there are fewer eyes on shift managers’ desks or watching over patients in their final days before going home, mistakes can easily happen during peak hours and periods of high volume.

Defending against ransomware — the threats of ransomware are ever-increasing. And with the holidays approaching and employees expecting to have busy schedules, it is easy to become distracted and fall victim to ransomware and scams.

  • Ensure the highest level of cyber security by implementing multifactor authentication, using strong passcodes, performing software updates when needed, and being aware of email phishing and scammers.
  • Simple tasks such as checking a relative’s flight status or online holiday shopping may put your hospital's ePHI at risk for ransomware. The best way to protect your hospital from becoming a victim of ePHI threats is to ensure that clear policies and procedures are enforced for internet access on hospital equipment. Make sure your employees know the dangers and responsibilities that come with accessing outside links, and the importance of protecting ePHI.

Physical safeguards — if we’ve learned anything from the Home Alone movies, it’s that criminal activity and threats of burglary unfortunately peak during the holidays.

  • To secure the safety of your facility, staff, and patients, it’s important to follow the HIPAA Physical Safeguards. As per the HIPAA Security Rule, physical safeguards are defined as, “physical measures, policies, and procedures to protect a covered entity’s electronic information systems and related buildings and equipment, from natural and environmental hazards, and unauthorized intrusion.” To ensure you’re following procedures and taking the right precautions, revisit the results from your risk analysis to better understand which physical safeguards are appropriate for your organization.
  • If your establishment has legacy or outdated servers, this can also present the problem of physical removal of PHI from your possession. Fortunately, solutions like our Data Extraction Suite can aid in migrating legacy data to your hospital’s current servers. For more information on the Data Extraction Suite and how it can create a more secure and maintainable environment for your PHI, please visit

Visitors and guests — to limit security threats, it is important to have a procedure to document visitors and guests when welcoming them into your facility.

  • As foot traffic increases during the holidays, all family, friends, delivery services, and vendors should be documented upon arrival. Depending on the layout of your facility, it may be wise to consider escorting guests to their destinations. This not only ensures the physical safety of your staff and patients, but also minimizes the risk of PHI being accessed by the wrong hands.

Whether there’s an increase in suspicious activity, more staff out of office, or the need for automated assistance during the busy holiday season, Haystack™ iS was designed with your organization in mind. To help your organization remain HIPAA compliant, and for more information about our patient privacy solution Haystack iS, please contact us at or visit

From our team at iatricSystems to yours, happy holidays!