Dealing with Data Breaches
Qualify for a free subscription to HealthLeaders magazine.
"Boy, are we in a different place than we were four years ago," Feinberg says. "The key was using what really was sloppiness to improve our culture."
The improvement has been evident in the C-suite just from the time spent on security breaches. In the first months after the scandal broke, senior leaders regularly attended meetings that went on for hours discussing dozens of transgressions and the resulting disciplinary action, Feinberg says.
"Now we meet once a month at the highest level and go over our breaches, and if we don't cancel the meeting because there's nothing to discuss, they're pretty boring right now. A typical issue would be someone in medical records put one person's fax with another person's and it was sent internally," he says. "The intentional breach really doesn't happen here like it used to."
Feinberg notes, however, that an intentional violation of privacy is not the only threat or even the biggest. UCLAHS is currently investigating a case in which an employee's laptop computer was stolen in a home invasion robbery.
At first UCLAHS leaders breathed a sigh of relief when they learned that the patient data on the laptop was encrypted. "But they also stole a list of passwords to the encryption," Feinberg says. "It almost never ends as we move toward more electronic medical records. They can be very, very difficult to secure because stuff like that happens. You can never let your guard down."
That is the kind of breach that is always on the mind of someone like Mark Moroses, chief information officer of Continuum Health Partners in New York City, which includes several major hospitals in the city (Beth Israel Medical Center, St. Luke's-Roosevelt Hospital, and the New York Eye and Ear Infirmary). Continuum has not suffered any significant breaches of PHI, but it employs a number of defenses including the protection of VIP patient records similar to UCLAHS's monitoring efforts. Those records include celebrity patients, but also hospital executives or anyone in the news because of a crime or noteworthy accident, he explains.
- MU Slides into Summer of Discontent
- Doc Shortage 'Fix' Is a Disaster Waiting to Happen
- 2015 OPPS Proposed Rule Detailed
- Physician Pay Increasingly Linked to Value-based Metrics
- Critical Times for Small and Rural Hospitals
- Advanced EHRs Save 10% Per Patient, Study Says
- Providence, Swedish Health Launch Employer-Driven ACO
- Fees Lurk in Health Plans' Shift to e-Payments
- 4 Hot Healthcare Exec Titles; 1 Not
- Infuriated by MOC Rules, Physicians Unleash on Certification Boards