Health Information Management

Focus on people to address security concerns

HIM-HIPAA Insider, February 22, 2011

Want to receive articles like this one in your inbox? Subscribe to HIM-HIPAA Insider!

End users—the people in your organization who handle protected health information (PHI)—are one of your biggest security risks. Joy Pritts, JD, HHS chief privacy officer in the Office of the National Coordinator for Health Information Technology (ONC), discussed security and end users at the “2010 ONC Update” held December 14.

So where specifically can providers focus? 
  • Change staff behavior. Loss of data is often due to loss of equipment, both software and hardware, said Pritts. “It’s not necessarily a hacker coming into the system,” she said. “It’s people losing their flash drives or leaving their laptop computer in the pocket seat of an airplane or in a taxi cab.” Preventing these breaches isn’t a simple task, Pritts noted. “Behavior change is major, and that’s what we’re asking providers to do is really to focus on and change some behavior.”
  • Create awareness. Providers must make staff members aware of the importance of protecting PHI, said Pritts. Organizations can take various steps to do so. For example, Pritts said one member in a recent discussion group noted she’d be happy if she could just teach others not to record their passwords on sticky notes attached to their computers. Providers need to communicate this information to prevent these risky practices in a healthcare environment, Pritts said.
Editor’s note: For additional tips, see the February issue of Briefings on HIPAA.



Want to receive articles like this one in your inbox? Subscribe to HIM-HIPAA Insider!

Most Popular