The Security Scrutinizer with Howard Anderson

Protecting the Average Joe's Records

VIPs Aren't the Only Ones Who Merit Privacy Protection

One of the most powerful ways to emphasize the importance of safeguarding patient privacy is to take serious disciplinary action against those guilty of privacy violations.

See Also: The Cybersecurity Swiss Army Knife for Info Guardians: ISO/IEC 27001

So I was pleased to read that Penn State Hershey Medical Center recently fired a staff member for allegedly accessing former Penn State University football coach Joe Paterno's billing and registration records without permission.

The Patriot-News, the local newspaper that broke the story, reports that the breach was identified because Paterno's records were "put under an audit" to help prevent leaks.

Paterno's medical records weren't accessed, and there is no indication the information the snooper accessed was shared with anyone else, the newspaper reports.

When a hospital is dealing with a VIP patient, it certainly makes sense to take extra precautions to protect their privacy. But the average Joe, and not just Joe Paterno, is worthy of top-notch privacy protection.

Sending a Strong Message

It's certainly good to see that Penn State Hershey Medical Center invoked what appears to be a zero tolerance policy when it comes to records snoopers. That sends a strong message to the entire staff about the importance of patient privacy.

As the new year approaches, it's a good time to resolve that your organization will scrutinize its HIPAA compliance efforts and take the important step of educating staff about the sanctions they'll face if they violation patients' trust.

Our Healthcare Information Security Today survey shows that improving regulatory compliance efforts is the top priority for the coming year. It also shows that audit logs and log management are the top technology investment for the year ahead. These are good indications that healthcare organizations intend to take steps to make sure records snoopers don't violate the privacy rights of the average Joe.

About the Author

Howard Anderson

Howard Anderson

Former News Editor, ISMG

Anderson was news editor of Information Security Media Group and founding editor of HealthcareInfoSecurity and DataBreachToday. He has more than 40 years of journalism experience, with a focus on healthcare information technology issues. Before launching HealthcareInfoSecurity, he served as founding editor of Health Data Management magazine, where he worked for 17 years, and he served in leadership roles at several other healthcare magazines and newspapers.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.