HIT Think

Five key privacy weak spots in healthcare facilities

Register now

Amid all the efforts to protect digital data in the healthcare industry, it can be easy to overlook the importance of protecting data in its physical or visual state.

Healthcare organizations continue to invest in and improve their cyber defense, forcing hackers seeking patient information to evolve their tactics in acquiring it. One of those tactics is visual hacking, which is the viewing or capturing of sensitive, confidential or private information for unauthorized use.

Healthcare organizations have an obligation to take all reasonable measures to protect sensitive data in this era of data breaches. This includes protecting patients’ personal demographic, health and financial information.

There’s also the matter of compliance. Privacy and security rules implementing HIPAA require that organizations use administrative, physical and technical safeguards to ensure the privacy and security of protected health information (PHI) in all forms, including paper and electronic form.

So what can organizations do to mitigate visual hacking threats? First, it’s important to know where the risks exist. Following are five common visual-privacy weak spots in hospitals and other healthcare facilities, along with potential solutions for addressing them:

Patient check-in. Curved or angled counters at patient registration or check-in areas can expose computer screens and any displayed information to the public.

Potential solutions:

  • Secure the check-in desk behind a glass barrier or use a counter built into a wall.
  • Use privacy filters on computer or device screens to blacken out the side views to onlookers.
  • Enforce clean-desk policies to remove sensitive information from view when not in use.

Exam rooms and hallways. Stationary workstations and computers-on-wheels (COWs) offer easy access to information, such as patient records, test results and prescriptions. But they also can expose sensitive information to passersby.

Potential solutions:

  • Place stationary workstations in rooms or side areas rather than busy hallways.
  • Require that staff lock or log out of workstations when not using them.
  • Require that COWs be brought into a patient’s exam room or left within view of the room if they can’t be brought in.

Nurse stations. Placing the computers in these stations to face outward toward halls and open areas may be convenient for staff, but it can expose information to unauthorized viewers.

Potential solutions:

  • Use a horseshoe station layout with computer screens facing away from visitors.
  • Enforce clean-desk policies.
  • Use privacy filters on computer screens.

Patient records. Patients and visitors are often restricted from record rooms. But the sensitive information in these rooms still can be vulnerable to insider threats.

Potential solutions:

  • Require that discarded documents be shredded rather than left exposed in trash or recycling bins.
  • Enforce clean-desk policies.
  • Use privacy filters on computer screens.

Mobile workers. A growing number of medical professionals and healthcare workers can access workplace networks using laptops and mobile devices. This can put patient information at risk of visual hacking within healthcare facilities and in public places.

Potential solutions:

  • Create and enforce policies regarding the proper use and handling of mobile devices.
  • Use privacy filters on mobile device screens.

The threat posed by an increasingly mobile workforce only reinforces the importance of keeping visual privacy efforts agile. Visual hackers are unlikely to abandon their efforts as long as opportunities exist. Healthcare organizations can minimize these opportunities by being vigilant, continually evaluating visual-hacking risks and adjusting their visual-privacy safeguards as needed.

For reprint and licensing requests for this article, click here.