We recently caught up with a few iatricSystems customers, who revealed that they had discovered some of their employees inappropriately viewing patients’ COVID-19 test results. They credit their ability to figure this out to their Patient Privacy solution, which alerted them to the inappropriate access to patient information.
Given the ongoing spread of the virus, the risk it poses, and the relentless media coverage, it comes as no surprise that some healthcare workers might try to glean private information about a patient’s COVID-19 status, which potentially compromises that patient’s privacy.
The COVID-19 pandemic has increased the risk of patient information breaches, both internally and by malicious external hackers.
With the influx of COVID-19 patients and the overall complexities of dealing with the pandemic, it can be difficult for your employees to remember or adjust their understanding of privacy laws and rules.
What healthcare organizations can learn from this is that as your situation changes, your privacy monitoring needs to adapt and change with you too.
The best place to start is by reviewing and updating your documented policy and procedures handbook. Here are three action items to help guide you through the first few steps:
1. Make Your Handbook Accessible
You can’t call your employees out for doing something incorrectly if you never taught them which actions were right and wrong in the first place. This is why it’s so important that you have physical documentation of your policies and procedures, including how employees access electronic health record systems and other ancillary applications where PHI is stored.
2. Set Up Clear Boundaries
If possible, restrict access by job title in your EHR so that employees can reach only the information they need to do their job. For instance, there’s no reason a clinical employee should be able to access the billing side of the system.
You should also make sure you have a policy in place that addresses access to an employee’s own charts or those of their family members.
3. Conduct Regular Auditing
Finally, make sure you set up regular auditing of your system. You could have any number of policies in place, but at the end of the day, you need to make sure your employees are following them to maintain security.
An alert of unauthorized access doesn’t mean the access came from malicious intent. Check in with your team frequently to make sure they’re well trained on security policies and procedures.