April 24, 2024
It’s hump day! As we get through this middle bump of the week, we’re still rolling our series, Compliance Catastrophes; real-ish world examples of nightmare scenarios!
Today, we’re looking at you, healthcare workers and Business Associates! We know you do amazing work when taking care of patients, but keeping data secure is a part of building an awesome practice or business environment.
When given the keys to keep Protected Health Information (PHI) safe, it doesn’t mean to open the treasure chest of data! When working in this field, you’re around a lot of sensitive information, and it’s vital to uphold your commitment to patients by keeping it confidential!
We know it’s not all healthcare workers or their associates, but more people break this rule than you’d expect.
We’re getting scientific! There was a recent study that highlighted over 400 employees inappropriately accessing PHI at a hospital, and many only stopped accessing unauthorized PHI due to being warned they were caught by email.
It shouldn’t take being caught to change bad behavior! You know the drill – improperly accessing PHI is a breach of trust.
But just to be safe, let’s see an example of what you should not do. Now, joining us today, you guessed it, is our unlucky friend, Catastrophe Cathy.
PHI Peeking
Cathy was at the front desk when a familiar face showed up for an appointment. An old friend from high school that she hasn’t seen in years!
They chat for a little bit, and Cathy can’t help but wonder what brought this friend in.
When she’s closing up, she can’t ignore the voice in the back of her head to go look. She falls for the temptation and searches for her friend’s medical information, curious about what brought her old friend into the practice.
As she’s reading about her old friend, another employee notices what she’s doing. Cathy is embarrassed and ashamed, as well as she should be! She was breaching her old friend’s PHI. That information is strictly confidential, no matter how close they used to be.
Real Life: Real Fines
You might think that a situation like this could never happen to you, but it happens often and there are severe consequences.
Last year, the OCR fined Yakima Valley Memorial Hospital in Washington State due to some snooping security guards. Curiosity didn’t kill the cat, but did leave it with a hefty fine! Over 400 patients’ records were looked at and the hospital was charged with a pretty expensive bill: $240,000!
To avoid snooping breaches, make sure all staff are properly trained on their roles and responsibilities. Access controls need to be monitored often, ensuring staff only have access to what pertains to their role. Additionally, make sure logs are reviewed, keeping your eyes open for any suspicious activity.
We all deserve our health information to be secure, and healthcare workers and business associates are at the front lines of keeping it confidential. To learn more about common compliance catastrophes, email us at info@abyde.com and stay tuned for the next in our series on our social media!