Dealing with Data Breaches

Greg Freeman for HealthLeaders Media , January 23, 2012
Are you a health leader?
Qualify for a free subscription to HealthLeaders magazine.

"Boy, are we in a different place than we were four years ago," Feinberg says. "The key was using what really was sloppiness to improve our culture."

The improvement has been evident in the C-suite just from the time spent on security breaches. In the first months after the scandal broke, senior leaders regularly attended meetings that went on for hours discussing dozens of transgressions and the resulting disciplinary action, Feinberg says.

"Now we meet once a month at the highest level and go over our breaches, and if we don't cancel the meeting because there's nothing to discuss, they're pretty boring right now. A typical issue would be someone in medical records put one person's fax with another person's and it was sent internally," he says. "The intentional breach really doesn't happen here like it used to."

Feinberg notes, however, that an intentional violation of privacy is not the only threat or even the biggest. UCLAHS is currently investigating a case in which an employee's laptop computer was stolen in a home invasion robbery.

At first UCLAHS leaders breathed a sigh of relief when they learned that the patient data on the laptop was encrypted. "But they also stole a list of passwords to the encryption," Feinberg says. "It almost never ends as we move toward more electronic medical records. They can be very, very difficult to secure because stuff like that happens. You can never let your guard down."

That is the kind of breach that is always on the mind of someone like Mark Moroses, chief information officer of Continuum Health Partners in New York City, which includes several major hospitals in the city (Beth Israel Medical Center, St. Luke's-Roosevelt Hospital, and the New York Eye and Ear Infirmary). Continuum has not suffered any significant breaches of PHI, but it employs a number of defenses including the protection of VIP patient records similar to UCLAHS's monitoring efforts. Those records include celebrity patients, but also hospital executives or anyone in the news because of a crime or noteworthy accident, he explains.

1 | 2 | 3 | 4 | 5

Comments are moderated. Please be patient.

1 comments on "Dealing with Data Breaches"

Stephen Dailey (1/18/2012 at 12:16 PM)
David: One component of Data Breeches that you did not comment upon is those breaches that do not occur at the provider faciilty and staff level. As a consultant for the Blue Cross and Blue Shield Association in 1994 and 1995 it was routine to access and use Hillary Clinton's Health Insurance Records to introduce staff to the National Accounts Claim System. I recall what I was shown in her insurance claims but will not share it. I was horrified. If health professionals have difficulty keeping their mouths shut and maintaining confidentiality, imagine the mountain 3rd party insurance payors must climb with simple claims examiners looking at records. Sure there are by now changes in policy in place but just imagine. Stephen Giles Dailey, FACHE 3729 Rhetts Landing Belleville, IL 62221




FREE e-Newsletters Join the Council Subscribe to HL magazine


100 Winners Circle Suite 300
Brentwood, TN 37027


About | Advertise | Terms of Use | Privacy Policy | Reprints/Permissions | Contact
© HealthLeaders Media 2016 a division of BLR All rights reserved.