SCGhealth Blog

Winter Liabilities: It’s Not Too Late to Keep Yourselves and Your Customers Safe

Monday, February 19, 2018

By Audrey Landers

On February 2nd, the famed meteorologist Punxsutawney Phil declared that we would be having a long winter. After seeing the snow and freezing rain that has struck our office since then, we certainly believe him. 

With winter weather comes ice and with ice come falls, slips and all kinds of accidents. Our clients tell us stories all the time! Several years ago a delivery man slipped on the ice in front of a two-story medical center and slid under his truck! The poor guy was stuck on the freezing ground for nearly an hour before someone on the second story saw his arm waving from underneath the vehicle. This same story played out again this year, when our own CEO Jen Searfoss heard a woman crying for help as she was walking into a store. The woman had fallen on the icy parking lot and, just like the delivery man, slid under her car.

The idea that a patient could hurt themselves on your property may seem like bad luck. But beyond their injury, there is another issue: liability. 

It is all too common for businesses to focus only on employee liability, completely ignoring the risks seen by customers and delivery people. While many businesses do well with day-to-day liability prevention, for some reason that all tends to go out the window when winter hits. This is even more true for lesser-prepared businesses located in the south. 

You can help decrease your liability in these dangerous conditions by making sure you keep your property safe, and by clearly marking anything that may be a danger. As the winter season continues and snow continues to melt and refreeze, here are a few things you can do to make sure you have done your due diligence in maintaining the safety of your property:

  • Spread salt in the parking lot
  • Keep walkways shoveled and clear of snow
  • Place cones around the most dangerous areas of icy parking lots to redirect traffic
  • Place “drive slow” and “slippery” signs outside
  • Place “wet floor” signs inside
  • Place mats or carpet tiles at the entrance to allow patients, customers and employees to dry their shoes
  • Remain aware of the conditions so you can take additional action as necessary

While some of these may seem like a lot of work, it’s less work than fighting a lawsuit from a patient, third party or staff. It is better to overprepare than to be caught unprepared.

Electronic HIPAA Violations

Thursday, July 20, 2017

Written by Nasir Abbas


The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is pretty ancient. It passed through Congress in 1996, but the first regulation didn’t come out until 2003. The federal law mandates the security and protection of sensitive patient information: protected health information (PHI) and personally identifiable information (PII). Two separate regulations cover how to keep this information private and secure.


We’ve published several blogs in the past discussing appropriate disposal of physical information and the risks associated with carelessness. Now let’s look at the electronic side of HIPAA. According to Joseph Mutlu, former Executive Vice President of Information Technology at SCG Health, two of the most often overlooked security safeguards pertain to inventory management. “Currently we are utilizing more and more removable storage options. These devices are easily lost and/or stolen, so it is wise to always keep a running inventory of these devices if they contain any sensitive information,” observed Mutlu. The second issue is related to the systems themselves. “CPU cases contain the hard drive to your computer and can/should be locked. Anyone with the technical skills and know-how can effortlessly remove the hard drive in a matter of seconds, without the use of any tools.” If computers are left unattended, especially with distracted staff, one could slip out the hard drive and easily go weeks – maybe even months – undetected. By the time anyone realizes what has happened, whatever information was being stored on that hard drive would be long gone.

Though these tips are highly beneficial and interesting, there are two procedures that should be followed to a T if you wish to protect yourself and your practice as best as possible. These two steps, if taken appropriately, make sure that even if your device is stolen or lost, your information remains hidden. Those measures are encryption and deletion.


Unfortunately, encryption and deletion are also the protocols that most businesses execute improperly. Encryption is the scrambling of data files so that they are legible only to those with the decryption key. This ensures that if sensitive information were to fall into the wrong hands, that information would still be protected. “Always make sure that when sending encrypted files via email that you send two separate emails – one with the encrypted file and another with the key. Doing so protects you and the recipient in the case that one email was to be intercepted, it would be useless without the other,” says SCG Health CEO Jennifer Searfoss.

Deletion refers to the APPROPRIATE removal of information from networks and devices. Believe it or not, there is more to deletion than just emptying the recycling bin. If that is your method of electronic disposal, you are in dangerous territory. The truth is that the information is still there and is far from gone. Anyone with the time and patience can retrieve it. A simple Google search for “retrieving deleted information” turns up numerous sites containing step-by-step instructions on how to do just that.

So, what can one do to make sure they are protecting themselves from all sides?

Steps to Take

Firstly, make sure you are familiar with your state’s regulations on the retention of medical records. The HIPAA Security Rule states that clinicians must keep any documents containing PHI for six years from the creation date or last known use date, whichever is later. Again, double check with your specific state, as the laws differ from state to state.

Make sure you perfect your encryption protocols. Encryption is your first layer of defense and should not be taken lightly. Make sure files are correctly coded, and make sure to always send two emails (the encrypted file and the decoder key). Deletion is the next layer of defense, but is still extremely important and should always be performed to the highest level of completion. To completely and appropriately destroy data files, disks must either be magnetically wiped or completely reformatted and rewritten (minimum of three times through). Companies, such as Dell, offer destruction services, but you must always make sure they are HIPAA compliant before taking any action.
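The gap between emptying the recycle bin and the overwrite-based deletion described above, as an added example that is not part of the original post: it compares what remains readable after a plain delete with what remains after three in-place overwrite passes. The file name, the sample record and the hard-link probe are constructed for the demonstration.

```python
import os
import tempfile

PASSES = 3  # the article's stated minimum number of rewrites


def plain_delete(path):
    """Remove only the file name, like emptying the recycle bin."""
    os.remove(path)


def overwrite_then_delete(path, passes=PASSES, chunk=1 << 20):
    """Overwrite the file in place `passes` times, then remove it."""
    size = os.path.getsize(path)
    with open(path, "r+b") as fh:
        for _ in range(passes):
            fh.seek(0)
            remaining = size
            while remaining > 0:
                n = min(chunk, remaining)
                fh.write(os.urandom(n))
                remaining -= n
            fh.flush()
            os.fsync(fh.fileno())  # push this pass out to the device
    os.remove(path)
    return size


def residue_after(delete_fn, record):
    """Return the bytes still readable from the file's data after deletion.

    A second hard link (hypothetical name 'probe') is a test stand-in for
    the disk blocks that outlive a deleted file name.
    """
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "patient_export.csv")  # constructed sample
        probe = os.path.join(tmp, "probe")
        with open(path, "wb") as fh:
            fh.write(record)
        os.link(path, probe)
        delete_fn(path)
        with open(probe, "rb") as fh:
            return fh.read()


SAMPLE = b"name,dob,diagnosis\nJane Doe,1970-01-01,constructed record\n"

if __name__ == "__main__":
    print(SAMPLE in residue_after(plain_delete, SAMPLE))
    print(SAMPLE in residue_after(overwrite_then_delete, SAMPLE))
```

Overwriting a single file does not reach copies held in backups, snapshots or the spare blocks of a solid-state drive, which is why the whole-disk measures above apply when a device is being retired.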

Overall, HIPAA violations can be avoided with a little training, education, attention and discipline. There are plenty of ways to protect your electronic information, but by following the procedures mentioned in this article, you will undoubtedly be on the right path to being HIPAA compliant.





SCG Health is a tradename of the Searfoss Consulting Group, LLC. You may reproduce materials available on this site for your own personal use and for noncommercial distribution. For more information, please read the Content Sharing Policy. Art & design by SCG Health. DISCLAIMER: You should consult an attorney for individual advice regarding a particular set of facts and circumstances. SCG Health reserves the right to change the information on this website without notice.