IG: DoD Did Not Properly Secure Access to VIP Records
Experts: Private Healthcare Entities Struggle with Similar Woes
… “Record snooping of VIPs generally happens out of curiosity,” says Keith Fricke, principal consultant at privacy and security consultancy tw-Security. “Many healthcare organizations have protocols in place that closely monitor access to a VIP’s record.”
Healthcare entities can help prevent unauthorized access to the health information of high-profile individuals in several ways, Fricke of tw-Security notes.
“Education is high on the list. It is helpful to show the workforce a sanitized copy of an audit trail capturing access activity on a patient record,” he says.
It is also important to closely monitor activity logs for instances of access to a VIP record. This should be done throughout the length of stay while the VIP is in the hospital or outpatient clinic, he adds.
“It can be helpful to also periodically check access activity when a VIP is in the news. Some organizations make it known that a specified number of workers were terminated during the previous month or quarter … based on unauthorized access to a patient’s record – not necessarily limited to VIPs,” he notes.
Additionally, some healthcare organizations flag the human resources record of a terminated employee as “Do not hire” if the former employee was terminated due to a HIPAA violation, he says.