Corporate Compliance

Tip: Avoid these ongoing compliance problems in your facility

Compliance Monitor, April 25, 2007

More than three years after the privacy rule's compliance date, there are still persistent compliance problems. Staff use their access privileges to snoop on friends and family, portable devices disappear, and faxes go to the wrong person.

The human factor seems to cause one of the most common compliance problems and one of the trickiest to prevent-deliberate snooping and intentional disclosures. These often occur when emotions are running high (e.g., when staff members are involved in divorce or custody battles or when disgruntled employees lash out).

Ask about any relationships between the involved parties when investigating privacy complaints. Also check to see whether there's a pattern of multiple complaints or a sudden spike in complaints, which might indicate that someone is deliberately misusing records. And be on the lookout for these kinds of breaches when you perform your regular compliance auditing. Examine audit trails and conduct random checks to see whether staff are accessing records that they don't need for their jobs.

Also, check to see whether an employee is accessing particular records more often than normal, as this can be a tip-off to inappropriate behavior. If you have someone in your facility who might be a target of such snooping (e.g., a celebrity, well-known local resident, or staff member), prevent compliance problems by blocking access to his or her record. Constantly remind staff of the serious consequences of inappropriately accessing or using confidential patient information.

Most Popular