• E-mail
• Print
• RSS

Tip: Train staff on electronic safeguards

Compliance Monitor, March 3, 2004

Want to receive articles like this one in your inbox? Subscribe to Compliance Monitor!

Electronic safeguards such as passwords and codes certainly help protect systems from unauthorized access, but they aren't enough, says Christine Jensen, corporate compliance director for Denver Health in Denver. "Training is crucial. Every year we train staff on privacy and security issues, and every year we ask each employee to sign a confidentiality statement."

Eileen Bryant, health information management (HIM) director at Massachusetts General Hospital (MGH) in Boston, agrees that frequent and consistent staff training is the best way to protect confidentiality of all medical records, including employees' records. "We schedule an HIM Awareness Week several times each year," she says. "The last one we held focused on employees as patients. All new employees are trained in confidentiality as an important part of their orientation . . . [and] sign confidentiality statements."

MGH also restricts access to employee patient records. "Whenever an employee becomes a patient, the chart gets a medical record number that is a restricted access code. A warning comes up on the computer system any time that record is accessed. We do the same thing for high-profile patients and any patient who requests that [his or her] name be kept out of the patient directory. When an employee accesses a record like this, he or she doesn't know whether it's a fellow employee or not."

Upon request, any MGH patient can have his or her last name kept off white boards on the wards. The only exception to this policy is in the operating room where full names must be recorded. Like Denver Health, MGH conducts random audits to be sure that only staff involved in care have had access to a medical record.

Want to receive articles like this one in your inbox? Subscribe to Compliance Monitor!

• E-mail to a Colleague
• Print
• RSS
• Archive