While it is unclear how this case will be resolved, healthcare organizations must be particularly vigilant about all forms of HIPAA privacy violations when employees become patients. Frank Ruelas, compliance officer for Gila River Healthcare in Arizona, says adopting policies is insufficient. Ruelas notes "people would be exceptionally surprised if they knew how often employees inappropriately obtain or share other employees' medical information."
"Covered entities (CEs) should routinely run audits on their medical record systems that specifically track employees accessing other employees’ records."Additional safeguards and monitoring are necessary when workers are patients, similar to the measures applied to VIP patients are celebrities. This includes routine audits on medical record systems to track which employees are accessing other employees’ records. Healthcare organizations can utilize new low-cost on-demand SaaS analytics services to obtain these and other types of inappropriate access reports.
- Frank Ruelas, HIPAA College
Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.Sources:
(a) Workers Who Become Patients Require Extra Vigilance by CEs - www.AIShealth.com, 10/09/2013