Thursday, July 23, 2020 12:00 PM

How to Decrease COVID-19 Insider Snooping

Written by Rich Murphy, Product Director - iatricSystems


We recently caught up with a few iatricSystems customers, who told us they had discovered that some of their employees were inappropriately viewing patients’ COVID-19 test results. They credit their ability to figure this out to their Patient Privacy solution, which alerted them to the inappropriate access to patient information.

Given the ongoing spread of the virus, the risk it poses, and the relentless media coverage, it comes as no surprise that some healthcare workers might try to glean private information about a patient’s COVID-19 status, which potentially compromises their privacy.

The COVID-19 pandemic has increased the risk of patient information breaches internally and by malicious external hackers.

With the influx of COVID-19 patients and the overall complexities of dealing with the pandemic, it can be difficult for your employees to remember or adjust their understanding of privacy laws and rules.

What healthcare organizations can learn from this is that as your situation changes, your privacy monitoring needs to adapt and change with you too.

The best place to start is by reviewing and updating your documented policy and procedures handbook. Here are three action items to help guide you through the first few steps:

1. Make Your Handbook Accessible

You can’t call your employees out for doing something incorrectly if you never taught them what actions were right and wrong in the first place. This is why it’s so important you have physical documentation of your policies and procedures that includes how they access electronic health record systems and other ancillary applications where PHI is stored.

2. Set Up Clear Boundaries

If possible, restrict access by job title in your EHR to make sure employees only have access to the information they need to do their job. For instance, there’s no reason a clinical employee should be able to access the billing side of the system.

You should also make sure you have a policy in place that addresses access to an employee’s own charts or those of their family members.

3. Conduct Regular Auditing

Finally, make sure you set up regular auditing of your system. You could have any number of policies in place, but at the end of the day, you need to make sure your employees are following through to maintain security.

An alert of unauthorized access doesn’t mean the access came from malicious intent. Frequently check in with your team to make sure they’re well trained on security policies and procedures.

In this blog, I merely scratched the surface when it comes to developing and revising your privacy policy handbook. For more detailed information, download our eBook: How to Build Effective Privacy Policies and Procedures. Inside, we’ll guide you through all the steps, and you’ll find a checklist to help you determine if your policies need updating.

Need more personalized help? Email us at to set up a time to talk through a combination of processes and technology solutions to ensure you and your staff are fully covered from a patient privacy perspective.