Hospitals Move to Tighten Data Security
Dom Nicastro, for HealthLeaders Media, September 15, 2010
- Gain executive sponsorship. "Using a honeypot implicitly communicates we don't trust our staff, even though we know that insider snooping is by far the most common cause of privacy or security breaches," John R. Christiansen, founder of Christiansen IT Law in Seattle, says. You need to have executive sponsorship willing to back you in the event that the use of honeypots results in controversy.
- Get HR buy-in. HR must be looped in to ensure that it will take appropriate action if you catch someone accessing records inappropriately, Christiansen says, adding that "legal counsel should vet the whole program to make sure legal risks are avoided."
- Conduct a risk assessment of your systems and equipment. Then create records for five media-centric personalities, making them as real as possible. Don't be too obvious. For instance, Madonna would probably not end up in a central Montana facility.
- Beware of entrapment. Honeypots are analogous to entrapment; they're bait that wouldn't work if someone wasn't predisposed to snooping, Christiansen says, because, as W.C. Fields said, "You can't cheat an honest man." Organizations should be certain that staff members know about policies that prohibit snooping and that system configuration prevents accidental access, says Christiansen.
Dom Nicastro is a contributing writer. He edits the Medical Records Briefings newsletter and manages the HIPAA Update Blog.
- CVS Ramps Up Retail Clinics with Provider Affiliations
- 4 Tectonic Shifts Shaking Up Healthcare
- Drug Pricing 'Tantamount to Greed,' Lawmaker Says
- Contradictory Obamacare Rulings Issued by Appellate Courts
- Study Puts Spotlight on Preventing Fall-Related Injuries
- Wanted: Nurse PhDs
- As HIPAA Breaches Accelerate, Tools Lag
- Roundtable: Life After a Healthcare Organization Acquisition
- The Infection-Busting Treatment Payers Don’t Want to Talk About
- Medical Errors Third Leading Cause of Death, Senators Told