• E-mail
• Print
• RSS

Web site spotlight: HIPAA and honeypots: Sweeten your approach to catch snooping staff

Nurse Leader Weekly, December 22, 2008

Want to receive articles like this one in your inbox? Subscribe to Nurse Leader Weekly!

It doesn't matter whether a staff member peeks at the medical record of Tiger Woods, John McCain, your mayor, or your next-door neighbor—inappropriate access to medical information is a HIPAA violation.

The seriousness of this problem has led some hospitals and other HIPAA-covered entities to enhance their investigations of security and privacy breaches. Instead of simply monitoring system access logs, they're using honeypots as bait to catch snooping staff members.

Honeypots, also referred to as honeynuts, are fictitious medical records that information technology monitors to determine whether anyone is accessing them. The terms "honeypots" and "honeynuts" derive from the notion that if you want to catch birds, you scatter birdseed.

Gary Nichols, CISM, information security officer at Blue Cross Blue Shield (BCBS) of Arizona says his contacts in the healthcare industry tell him the strategy is starting to catch on at HIPAA-covered entities, including hospitals. 

"It has spectacular results," he says. "If you have 500 users who have access to a system and you are aware of patient information system access requirements, you know something is wrong when people start searching for and accessing records for Barack Obama."

Editor's note: This excerpt was adapted from the article, "Honeypots: A sweet tool for monitoring snooping" featured in The Reading Room on HCPro's online resource center, www.StrategiesforNurseManagers.com. Get a free trial membership that will give you 30 days to test drive all the exciting features on the Web site.

Want to receive articles like this one in your inbox? Subscribe to Nurse Leader Weekly!

• Comment
• E-mail to a Colleague
• Print
• RSS
• Archive

Comments