The Security Scrutinizer with Howard Anderson

Paying Attention to the Small Stuff

Paying Attention to the Small Stuff

That's largely because the HITECH Act set tougher penalties for violations of the HIPAA security and privacy rules and ramped up enforcement.

But sometimes, even the best technology in the world won't prevent a privacy violation.

"What happens in a lot of practices is that the staff becomes like family to some of the patients, and so the staff forgets that sharing health information is very important business." 

In a recent interview, Rosemarie Nelson, principal at MGMA Consulting Group, Englewood, Colo., offered examples of bad habits at physician group practices that can lead to serious breaches of confidentiality.

She noted that staff members at some practices talk too casually about patients' conditions in front of other patients. "What happens in a lot of practices is that the staff becomes like family to some of the patients, and so the staff forgets that sharing health information is very important business," she said.

Surely we've all experienced similar circumstances. How many times, for example, have you walked into a doctor's office and been asked, quite loudly, to state the reason for your visit? That's not very conducive to keeping your information private.

Things can get even worse at the corner drugstore, where those waiting in line for a prescription can easily overhear the pharmacist informing another customer about the side-effects of an anti-depressant.

During a recent visit to a small group practice, Nelson said she discovered an open door to the closet where a server was stored. "When I asked why the door was open, they said the server would get too hot if the door was closed," she realled. "But the door should be locked with access controlled."

The bottom line? It pays to sweat the small stuff. And that means reminding staff frequently about how to ensure patients' privacy. Ongoing training is essential to carrying out any data security policy, Nelson and other experts stress.

And when it comes to training, Dan Rode of the American Health Information Management Association points out that those efforts must go beyond employees. "The workforce includes volunteers that work in the institution, physicians who work there but may not be employed by the organization, as well as all of the employees," Rode stresses.

How is your organization tackling the training challenge?



About the Author

Howard Anderson

Howard Anderson

News Editor, ISMG

Anderson is news editor of Information Security Media Group and was founding editor of HealthcareInfoSecurity and DataBreachToday. He has more than 40 years of journalism experience, with a focus on healthcare information technology issues. Before launching HealthcareInfoSecurity, he served as founding editor of Health Data Management magazine, where he worked for 17 years, and he served in leadership roles at several other healthcare magazines and newspapers.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing healthcareinfosecurity.com, you agree to our use of cookies.