Dealing with Data Breaches

Greg Freeman for HealthLeaders Media , January 23, 2012
Are you a health leader?
Qualify for a free subscription to HealthLeaders magazine.

"It was clear that we were going to use this incident as an opportunity to become a leader in patient privacy," Feinberg says. "Not only did we do some technological fixes, but more importantly, we made a statement to ourselves internally that this would not be tolerated, and we cleaned house. We get the same kind of celebrities now, and nobody looks."

UCLAHS implemented a number of technological improvements, including the active monitoring of about 700 cases considered at risk for inappropriate access, so that all access is reported to network administrators and upper management. Anytime one of those records is opened, the user is asked to document specifically why. Those tech solutions are important, Feinberg says, but the culture change was by far the most important improvement.

The staff at UCLAHS is 85% unionized, and Feinberg says the union has been extremely supportive about the culture change and the punishment meted out for infractions. Feinberg also leveled the playing field so that if a physician acts inappropriately with records, the course of investigation and punishment is as equal as possible when compared to a staff member.

The culture at UCLAHS today is totally different regarding patient privacy, Feinberg says. Employees and physicians now have high respect for the privacy of records and routinely self-report possible violations—almost always minor, inadvertent transgressions—and they monitor each other closely. If an employee walks away from a computer monitor and leaves a patient record on the screen, others are likely to call the person on that error and suggest closing the document, Feinberg says, even though the computer will automatically log off after a short time.

Everyone is on high alert for privacy violations now, and looking over someone's shoulder at a computer screen is likely to result in a polite rebuke, the CEO says.

1 | 2 | 3 | 4 | 5

Comments are moderated. Please be patient.

1 comments on "Dealing with Data Breaches"

Stephen Dailey (1/18/2012 at 12:16 PM)
David: One component of Data Breeches that you did not comment upon is those breaches that do not occur at the provider faciilty and staff level. As a consultant for the Blue Cross and Blue Shield Association in 1994 and 1995 it was routine to access and use Hillary Clinton's Health Insurance Records to introduce staff to the National Accounts Claim System. I recall what I was shown in her insurance claims but will not share it. I was horrified. If health professionals have difficulty keeping their mouths shut and maintaining confidentiality, imagine the mountain 3rd party insurance payors must climb with simple claims examiners looking at records. Sure there are by now changes in policy in place but just imagine. Stephen Giles Dailey, FACHE 3729 Rhetts Landing Belleville, IL 62221




FREE e-Newsletters Join the Council Subscribe to HL magazine


100 Winners Circle Suite 300
Brentwood, TN 37027


About | Advertise | Terms of Use | Privacy Policy | Reprints/Permissions | Contact
© HealthLeaders Media 2016 a division of BLR All rights reserved.