The Security Scrutinizer with Howard Anderson

Protecting the Average Joe's Records VIPs Aren't the Only Ones Who Merit Privacy Protection

So I was pleased to read that Penn State Hershey Medical Center recently fired a staff member for allegedly accessing former Penn State University football coach Joe Paterno's billing and registration records without permission.

See Also: From Authentication to Advanced Attack Vectors: Top Trends in Cybercrime in Q1 2016

The Patriot-News, the local newspaper that broke the story, reports that the breach was identified because Paterno's records were "put under an audit" to help prevent leaks.

The average Joe, and not just Joe Paterno, is worthy of privacy protection. 

Paterno's medical records weren't accessed, and there is no indication the information the snooper accessed was shared with anyone else, the newspaper reports.

When a hospital is dealing with a VIP patient, it certainly makes sense to take extra precautions to protect their privacy. But the average Joe, and not just Joe Paterno, is worthy of top-notch privacy protection.

Sending a Strong Message

It's certainly good to see that Penn State Hershey Medical Center invoked what appears to be a zero tolerance policy when it comes to records snoopers. That sends a strong message to the entire staff about the importance of patient privacy.

As the new year approaches, it's a good time to resolve that your organization will scrutinize its HIPAA compliance efforts and take the important step of educating staff about the sanctions they'll face if they violation patients' trust.

Our Healthcare Information Security Today survey shows that improving regulatory compliance efforts is the top priority for the coming year. It also shows that audit logs and log management are the top technology investment for the year ahead. These are good indications that healthcare organizations intend to take steps to make sure records snoopers don't violate the privacy rights of the average Joe.



About the Author

Howard Anderson

Howard Anderson

News Editor, ISMG

Howard J. Anderson is news editor of Information Security Media Group and was founding editor of HealthcareInfoSecurity and DataBreachToday. He has more than 34 years of journalism experience, with a focus on healthcare information technology issues. Before launching HealthcareInfoSecurity, he served as founding editor of Health Data Management magazine, where he worked for 17 years, and he served in leadership roles at several other healthcare magazines and newspapers.




Around the Network