Monday, March 27, 2017

Becker’s Hospital Review: HIPAA Violations--What Hospitals Can Learn from Financial Services

Steve Katz, an advisor to NH-ISAC (National Health Information Sharing and Analysis Center), offers valuable insights on addressing impermissible use of patient data by employees, contractors, and third parties in his article in Becker's Hospital Review.

Katz highlights how the impermissible use of patient data at a Florida hospital resulted in a $5.5 million fine from the US Department of Health and Human Services (HHS).

Katz points out that detecting impermissible use of patient data by employees, contractors, and others is a significant challenge in a healthcare setting.

"The challenge is understanding each employee's job responsibilities in fine detail and knowing whether those responsibilities justify an employee's access to a particular piece of patient data at a given point in time."

- Steve Katz, Advisor for the NH-ISAC (National Health Information Sharing and Analysis Center)

Katz suggests that recent technical advances in data technology, in particular Structural Analytics, can help companies address the impermissible use of patient data for a fraction of the cost Wall Street firms paid years ago.

"Structural Analytics are enabling hospitals to automatically and accurately determine the specifics of each employee's job responsibilities by analyzing data in their EHR and other clinical and business systems."

- Steve Katz, Advisor for the NH-ISAC (National Health Information Sharing and Analysis Center)

The article concludes that new data analytics, such as Structural Analytics, enable hospitals to detect and deter patient privacy violations and data theft by automatically comparing an employee's access to patient data with their job responsibilities. This approach eliminates false positives and does not require adding more staff.

About the Author: Steve Katz is an Advisor to the Board of the NH-ISAC (National Health Information Sharing and Analysis Center), was a founder of the FS-ISAC (Financial Services Information Sharing and Analysis Center), and is currently an executive advisor on privacy and security for Deloitte. He has been Chief Information Security Officer for Citigroup and head of Information Security for JPMorgan, and helped manage the Information Security program at Kaiser Permanente.

Sources:
(a) HIPAA Violations and What Healthcare Can Learn From Financial Services - Becker's Hospital Review, 03/14/2017



Copyright © 2010-2017 by Veriphyr Incorporated, All Rights Reserved.

Contact us at Veriphyr.com.