A version of this article was first published on HIPAA Vault’s
According to a privacy breach survey of healthcare providers – 70% of which admitted to having at least one security breach – 35% attributed the breach to unauthorized access by employees. Take note of that stat: the survey found that the most common cause of HIPAA security breaches is small-scale snooping by employees. The results went on to reveal that 27% of breaches occurred when an employee viewed the medical records of friends and family, and 35% when employees checked the medical records of their work colleagues.

Secure and Appropriate Collaboration
Collaboration among health professionals and their associates is essential. When teams can access and update vital records, including patient histories, X-rays, MRIs, and more, care can be administered more effectively. With HIPAA protocols in mind, health teams must be able to retrieve, share and edit electronic protected health information (ePHI) in a secure interface, without the threat of outside access by malicious actors – or even inside snooping by employees. Thankfully, there are user-friendly, secure, customizable file management solutions, such as HIPAA Vault by HIPAA Vault, that provide the in-transit and at-rest encryption protocols necessary to ensure data protection, using a password-protected link, all while teams work in different locations and even on different operating systems.

More than Technology
Yet even as the technology does its part, proper risk assessments should always be conducted to review how ePHI is created, used, stored and shared. A proper assessment will be followed by a risk analysis, ensuring that:
- access controls are in place, with logins and data access being logged and checked regularly
- careful analysis of all IT systems is conducted to determine if there are vulnerabilities and weaknesses that could lead to an unauthorized disclosure of PHI
- the way data is shared with Business Associates is reviewed. Have they also conducted a similar risk assessment – overseen by your HIPAA Security Officer – to ensure that their file sharing practices are also HIPAA compliant?