• E-mail
• Print
• RSS

Hospital privacy, security officers make their wish lists

HIPAA Weekly Advisor, December 27, 2010

Want to receive articles like this one in your inbox? Subscribe to HIPAA Weekly Advisor!

What is on the holiday wish list for privacy and security officers?

According to recent Ponemon Institute study on data security, it's more staff, more time, and more resources to protect patient privacy.

Of the 65 hospitals surveyed, most in the 100- to 600-bed range, 71% said they have inadequate resources to prevent and quickly detect patient data loss. We caught up with some privacy and security officers ourselves to see what they're hoping for this holiday season:

No breaches. "[I want] to have no breach incidents so I don't have to face an OCR audit," says Dena Boggan, CPC, CMC, CCP, HIPAA privacy/security officer at St. Dominic Jackson Memorial Hospital in Jackson, MS.

Too bad wishes aren't retroactive. This year , there were a few data breach whoppers. In September, California health officials fined Lucile Salter Packard Children's Hospital at Stanford University was fined $250,000 for failing to report within five days a breach of 532 patient medical records in connection with the apparent theft of a hospital computer by an employee.

In October, a computer flash drive containing the names, addresses, and personal health information of 280,000 people disappeared from Philadelphia companies Keystone Mercy Health Plan and AmeriHealth Mercy Health Plan, one of the largest recent security breaches of personal health data in the nation.

And in November the Connecticut Insurance Commission announced a settlement with Health Net in which the insurer agreed to pay the state $375,000 in penalties for failing to safeguard the personal information of its members from misuse by third parties.

More time. "I wish for more time to study the regulations in depth so that I am at my 'knowledgeable best' when discussing and training [on HIPAA issues],"says Boggan.

More staff. Another common wish is for more staff, which would hopefully would translate to fewer work hours. "An elf to help me magically finish all of my work in a goodly timeframe would be a Christmas miracle!" says Brandon Ho, CIPP, HIPAA compliance specialist for the Pacific Regional Medical Command based at Tripler Medical Center in Honolulu.

Employees who follow the HIPAA rules. Boggan wishes for employees to access only that information they need to do their jobs. "It's a no-brainer, but you'd be amazed at what hits the audit reports," she says. She hopes to never receive another e-mail notification stating that a user has triggered an exception in the hospital's auditing system.

Editor’s note: Next week, HIPAA Weekly Advisor will feature more holiday wishes among privacy and security officers.
 

Want to receive articles like this one in your inbox? Subscribe to HIPAA Weekly Advisor!

• E-mail to a Colleague
• Print
• RSS
• Archive