TRENDING:

The Security Scrutinizer with Howard Anderson

Privacy Protection: Deterring Snoops

High-Profile Patients Can Be Breach Targets Howard Anderson (ismg_editor) • October 27, 2010    
Privacy Protection: Deterring Snoops

The Dayton Daily News in Ohio reported this week that Miami Valley Hospital sent a letter to accident victim Brennan Eden, informing him that four employees inappropriately accessed his medical records. Eden was in the news when he was involved in a spectacular car crash captured by police video on Aug. 23.

The hospital did the right thing in making Eden aware of the breach of his privacy. But a hospital spokesman told the newspaper that the four employees are being disciplined in accordance with human resources policy, declining to reveal the level of discipline. And that's a big mistake.

Punishing Privacy Violators

As I pointed out in a blog earlier this month, Mayo Clinic took a much more clear-cut approach in similar circumstances. Mayo fired six employees for inappropriately looking at one patient's records and then publicized its disciplinary action.
A zero-tolerance policy, like Mayo's, can be a powerful deterrent. 

Although Mayo was tight-lipped about the details of the breach, it did a good job of communicating a zero-tolerance policy toward internal privacy breaches.

A zero-tolerance policy, like Mayo's, can be a powerful deterrent. But at the very least, hospitals and others should spell out to record snoop victims, as well as the public, precisely how they disciplined those who violated their privacy.

Small Breaches Are Serious Too

When it comes to breach prevention, much attention is being paid to avoiding major breaches affecting 500 or more patients, which must be reported within 60 days to the Department of Health and Human Services' Office for Civil Rights under the HITECH Act's breach notification rule.

But preventing smaller breaches, which must be reported to federal authorities annually, is equally important. Just ask Brennan Eden.

So how will your organization discipline employees who snoop at the records of celebrities, people in the news or any other patient? Have you got a clear-cut policy in place? We'd like to hear from you.



About the Author

Howard Anderson

Howard Anderson

Former News Editor, ISMG

Anderson was news editor of Information Security Media Group and founding editor of HealthcareInfoSecurity and DataBreachToday. He has more than 40 years of journalism experience, with a focus on healthcare information technology issues. Before launching HealthcareInfoSecurity, he served as founding editor of Health Data Management magazine, where he worked for 17 years, and he served in leadership roles at several other healthcare magazines and newspapers.




Around the Network

Mapping the Unseen Vulnerabilities of Zombie APIs
Mapping the Unseen Vulnerabilities of Zombie APIs
Supporting CISA - The 'Focal Point of Our Defensive Efforts'
Supporting CISA - The 'Focal Point of Our Defensive Efforts'
Good Governance: 'It's All Hygiene'
Good Governance: 'It's All Hygiene'
Israel-Hamas War: 'We All Know Someone That Lost Someone'
Israel-Hamas War: 'We All Know Someone That Lost Someone'
AI's Impact on Insurance and Healthcare Transformation
AI's Impact on Insurance and Healthcare Transformation
How a CEO Runs a Company in Wartime
How a CEO Runs a Company in Wartime
How Biden's AI Executive Order Will Affect Healthcare
How Biden's AI Executive Order Will Affect Healthcare
Stopping Cloud Workload Attacks
Stopping Cloud Workload Attacks
Getting a Tighter Grip on Vendor Security Risk in Healthcare
Getting a Tighter Grip on Vendor Security Risk in Healthcare
Mapping Access - and Attack - Paths in Active Directory
Mapping Access - and Attack - Paths in Active Directory

Continue »

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing databreachtoday.com, you agree to our use of cookies.