Is your organization conducting “proactive security audits” by searching for instances of employees improperly accessing protected health information?

If not, that’s something you need to be doing, and you need not do it alone, says Mark Combs, assistant CIO and a certified HIPAA security specialist at six-hospital West Virginia United Health System. Engaging the human resources department as a partner to offer continuing education on data security will help raise awareness, and keep it high, among employees.

Proactive audits search millions of data access events, looking for key patterns, such as an employee searching for the record of a patient with the same last name or same street, or employees currently hospitalized. Because HR makes sure that everyone knows about the audits, employee snooping usually drops significantly, Combs says.

It’s important that employees also not snoop on their own electronic health records; that’s because data integrity is at risk, since employees often can modify the records. Before the EHR went in at West Virginia United Health System, everyone looked at their own records, Comb says. Now, less than one-half of one percent do.

Combs and Rob Rhodes, senior director of patient privacy solutions at software vendor Iatric Systems, will present anti-snooping ideas and technologies on April 14 during HIMSS15. Session 122, “Stop Insider Snooping and Protect Your Patient Trust,” is scheduled at 4 p.m. in Room S406.

Register or login for access to this item and much more

All Health Data Management content is archived after seven days.

Community members receive:
  • All recent and archived articles
  • Conference offers and updates
  • A full menu of enewsletter options
  • Web seminars, white papers, ebooks

Don't have an account? Register for Free Unlimited Access