Has your Practice implemented Workforce Security policies and procedures to determine whether a particular user has the right to access ePHI (electronic protected health information) based on that user's job duties and responsibilities? Workforce members may require different levels of access based on their job function or role within your Practice. Do you have a technical system in place to monitor inappropriate access, such as log-in monitoring or other technical safeguards?
A recent employee at Montefiore Medical Center was fired for alleged theft and for inappropriately accessing 4,000 patient medical records. The employee accessed records from January 2020 to July 2020 with no legitimate reason. The medical center in NY had put safeguards in place to monitor inappropriate access, and this is how the employee was caught. The case is currently being investigated with law enforcement, and the breach is under investigation by the OCR (Office for Civil Rights).
Remember, employees can face penalties and time served, as this could be interpreted as a violation of federal and state law, including the Computer Fraud and Abuse Act. We will see this again in the media once the investigation is concluded.
“Protect What You Collect”
Do you know if your Practice is HIPAA compliant? Let us at Modern Practice Solutions be part of your team for HIPAA compliance. If you are a Privacy/Security Officer, Doctor, or upper management, join us in our 6-hour intense HIPAA compliance camp on October 30, 2020, where we break down HIPAA compliance to better assist you and your team in making the ‘good faith’ effort. A link is provided below to register.