TRENDING:

The Security Scrutinizer with Howard Anderson

Paying Attention to the Small Stuff

Howard Anderson (ismg_editor) • February 8, 2010    
Paying Attention to the Small Stuff

The spotlight is intensifying on the need to use the latest technologies to ensure the privacy and security of healthcare information, especially electronic health records.

That's largely because the HITECH Act set tougher penalties for violations of the HIPAA security and privacy rules and ramped up enforcement.

But sometimes, even the best technology in the world won't prevent a privacy violation.

In a recent interview, Rosemarie Nelson, principal at MGMA Consulting Group, Englewood, Colo., offered examples of bad habits at physician group practices that can lead to serious breaches of confidentiality.

She noted that staff members at some practices talk too casually about patients' conditions in front of other patients. "What happens in a lot of practices is that the staff becomes like family to some of the patients, and so the staff forgets that sharing health information is very important business," she said.

Surely we've all experienced similar circumstances. How many times, for example, have you walked into a doctor's office and been asked, quite loudly, to state the reason for your visit? That's not very conducive to keeping your information private.

Things can get even worse at the corner drugstore, where those waiting in line for a prescription can easily overhear the pharmacist informing another customer about the side-effects of an anti-depressant.

During a recent visit to a small group practice, Nelson said she discovered an open door to the closet where a server was stored. "When I asked why the door was open, they said the server would get too hot if the door was closed," she realled. "But the door should be locked with access controlled."

The bottom line? It pays to sweat the small stuff. And that means reminding staff frequently about how to ensure patients' privacy. Ongoing training is essential to carrying out any data security policy, Nelson and other experts stress.

And when it comes to training, Dan Rode of the American Health Information Management Association points out that those efforts must go beyond employees. "The workforce includes volunteers that work in the institution, physicians who work there but may not be employed by the organization, as well as all of the employees," Rode stresses.

How is your organization tackling the training challenge?



About the Author

Howard Anderson

Howard Anderson

Former News Editor, ISMG

Anderson was news editor of Information Security Media Group and founding editor of HealthcareInfoSecurity and DataBreachToday. He has more than 40 years of journalism experience, with a focus on healthcare information technology issues. Before launching HealthcareInfoSecurity, he served as founding editor of Health Data Management magazine, where he worked for 17 years, and he served in leadership roles at several other healthcare magazines and newspapers.




Around the Network

Identity Security and How to Reduce Risk During M&A
Identity Security and How to Reduce Risk During M&A
Why Health Firms Struggle with Cybersecurity Frameworks
Why Health Firms Struggle with Cybersecurity Frameworks
Protecting Medical Devices Against Future Cyberthreats
Protecting Medical Devices Against Future Cyberthreats
How 'Security by Default' Boosts Health Sector Cybersecurity
How 'Security by Default' Boosts Health Sector Cybersecurity
Evolving Threats Facing Robotic and Other Medical Gear
Evolving Threats Facing Robotic and Other Medical Gear
Is It Generative AI's Fault, or Do We Blame Human Beings?
Is It Generative AI's Fault, or Do We Blame Human Beings?
How the NIST CSF 2.0 Can Help Healthcare Sector Firms
How the NIST CSF 2.0 Can Help Healthcare Sector Firms
Transforming a Cyber Program in the Aftermath of an Attack
Transforming a Cyber Program in the Aftermath of an Attack
Medical Device Cyberthreat Modeling: Top Considerations
Medical Device Cyberthreat Modeling: Top Considerations
Safeguarding Critical OT and IoT Gear Used in Healthcare
Safeguarding Critical OT and IoT Gear Used in Healthcare

Continue »

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing healthcareinfosecurity.com, you agree to our use of cookies.