Dealing with Data Breaches
Qualify for a free subscription to HealthLeaders magazine.
"Boy, are we in a different place than we were four years ago," Feinberg says. "The key was using what really was sloppiness to improve our culture."
The improvement has been evident in the C-suite just from the time spent on security breaches. In the first months after the scandal broke, senior leaders regularly attended meetings that went on for hours discussing dozens of transgressions and the resulting disciplinary action, Feinberg says.
"Now we meet once a month at the highest level and go over our breaches, and if we don't cancel the meeting because there's nothing to discuss, they're pretty boring right now. A typical issue would be someone in medical records put one person's fax with another person's and it was sent internally," he says. "The intentional breach really doesn't happen here like it used to."
Feinberg notes, however, that an intentional violation of privacy is not the only threat or even the biggest. UCLAHS is currently investigating a case in which an employee's laptop computer was stolen in a home invasion robbery.
At first UCLAHS leaders breathed a sigh of relief when they learned that the patient data on the laptop was encrypted. "But they also stole a list of passwords to the encryption," Feinberg says. "It almost never ends as we move toward more electronic medical records. They can be very, very difficult to secure because stuff like that happens. You can never let your guard down."
That is the kind of breach that is always on the mind of someone like Mark Moroses, chief information officer of Continuum Health Partners in New York City, which includes several major hospitals in the city (Beth Israel Medical Center, St. Luke's-Roosevelt Hospital, and the New York Eye and Ear Infirmary). Continuum has not suffered any significant breaches of PHI, but it employs a number of defenses including the protection of VIP patient records similar to UCLAHS's monitoring efforts. Those records include celebrity patients, but also hospital executives or anyone in the news because of a crime or noteworthy accident, he explains.
- Hospital Groups Strike Back at Hospital Rating Systems
- 5 Hot Healthcare Ideas from SXSW
- AHIP: Enormity of HIX Challenges Sinks In
- Hospital CEO Turnover Hits Record High
- The Secret to Physician Engagement? It's Not Better Pay
- Another SGR Patch Likely, Lawmaker Says
- Rules to Rein in HIX Narrow Networks Could Drive Away Payers
- How Succession Planning Boosts Employee Retention Rates
- 4 Marketing Tactics for Hospitals on Instagram
- 4 Reasons PCMH Principles Aren't Going Away