Web site spotlight: Should you use bait to catch snooping staff?
Staff Development Weekly: Insight on Evidence-Based Practice in Education, December 26, 2008
It doesn't matter whether a staff member peeks at the medical record of Tiger Woods, John McCain, your mayor, or your next-door neighbor. Inappropriate access to medical information is a HIPAA violation.
The seriousness of this problem has led some hospitals and other HIPAA-covered entities to enhance their investigations of security and privacy breaches. Instead of simply monitoring system access logs, they're using honeypots as bait to catch snooping staff members. Honeypots, also referred to as honeynuts, are fictitious medical records that information technology (IT) monitors to determine whether anyone is accessing them.
"It has spectacular results," says Gary Nichols, CISM, information security officer at Blue Cross Blue Shield (BCBS) of Arizona. "If you have 500 users who have access to a system and you are aware of patient information system access requirements, you know something is wrong when people start searching for and accessing records for Barack Obama."
But it's not necessarily an approach for everyone, says John R. Christiansen, JD, founder and managing director of Christiansen IT Law in Seattle. Establishing robust, granular logging and diligent log review procedures is the most efficient and effective method of monitoring and detecting snooping.
"Make sure people know that [audit procedures] are in place and investigate promptly if inappropriate access is indicated," says Christiansen. "Take quick, decisive action to punish the offender if inappropriate access is confirmed, and make sure people know when that occurs."
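As an added illustration (not part of the original article and not any hospital's actual tooling), the following Python example shows how log review for honeypot records can work: any access to a fictitious record is flagged, because no legitimate task involves opening one. The log format, record IDs and user names are constructed for the example.

```python
import csv
import io
from collections import defaultdict

# Constructed decoy record IDs: fictitious patients seeded into the system.
# No legitimate workflow should ever open them.
DECOY_RECORD_IDS = {"MRN-900001", "MRN-900002"}

# Constructed sample access log: timestamp, user, action, record_id.
SAMPLE_LOG = """\
2008-12-01T08:14:02,nurse_a,VIEW,MRN-104233
2008-12-01T08:15:40,clerk_b,SEARCH,MRN-900001
2008-12-01T08:15:55,clerk_b,VIEW,MRN-900001
2008-12-01T09:02:11,nurse_a,VIEW,MRN-104877
2008-12-01T11:47:30,tech_c,VIEW,MRN-900002
2008-12-01T11:48:00,clerk_b,VIEW,MRN-900002
"""


def find_decoy_access(log_text, decoys=DECOY_RECORD_IDS):
    """Return {user: [(timestamp, action, record_id), ...]} for decoy hits."""
    hits = defaultdict(list)
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) != 4:
            continue  # skip malformed lines rather than abort the review
        timestamp, user, action, record_id = (field.strip() for field in row)
        if record_id in decoys:
            hits[user].append((timestamp, action, record_id))
    return dict(hits)


def summarize(hits):
    """Rank users by distinct decoy records touched, then by event count."""
    ranked = sorted(
        hits.items(),
        key=lambda kv: (-len({e[2] for e in kv[1]}), -len(kv[1]), kv[0]),
    )
    return [(user, len({e[2] for e in ev}), len(ev)) for user, ev in ranked]


if __name__ == "__main__":
    for user, records, events in summarize(find_decoy_access(SAMPLE_LOG)):
        print(f"{user}: {records} decoy record(s), {events} event(s)")
```

A user who touches more than one decoy record ranks first, since a single hit can be a mistyped search while repeated hits across different fictitious patients are harder to explain.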
Editor's note: This excerpt was adapted from "Honeypots: A sweet tool for monitoring snooping" found in the Reading Room at www.StrategiesForNurseManagers.com.