Kanye West and HIPAA: an unlikely lesson

Learning about HIPAA is no fun task. To make it a little more interesting, we’re going to spice it up with a guest appearance by Kanye West. The musical artist’s recent stay at an LA hospital is a great example of what you need to know when educating employees about what constitutes a breach and how to avoid them. Read on for tips on employee education regarding HIPAA breaches.

Celebrity hospital visits

Under HIPAA’s privacy rule, a breach has occurred whenever patient information is accessed and shared by an employee unauthorized to access it and/or has no job-related reason to do so. So in addition to the hundreds of computer-based data security policies you need to design and implement, you also have to prevent employees from snooping on files inappropriately.

Most of the time there aren’t many reasons for an employee to go looking through medical files. But a great example of what these types of breaches look like involves Kanye West’s recent stay at the UCLA Medical Center. As an international superstar, more information on why Mr. West was admitted to the facility was in high demand.

Several employees ended up sneaking a look at his medical history and talking about it on social media, forcing the medical center to launch a breach investigation and eventually fire a number of individuals. It’s a great example of how HIPAA can affect our everyday lives, but what impact does it have on the average small- or medium-sized business?

Smalltown disclosures

Just mentioning someone has been admitted is enough to constitute a breach. For a more likely scenario, imagine you ran a clinic in a small town. You employed a high school senior as your receptionist and he or she helped a former teacher schedule a doctor’s appointment.

If the receptionist were to post about it on social media -- or even just text a couple of his or her friends -- that would constitute a data breach. Think about it, if that teacher’s appointment was for something embarrassing, students and fellow faculty knowing about it could result in quite a bit of “harm” to him.

IT solutions to avoid breaches

In addition to conducting multiple employee trainings per year, any HIPAA-compliant office should also implement:

  • Exhaustive URL filtering to keep employees with company-provided workstations from accessing social media sites, messaging platforms, and anything that could lead to a breach.
    Thorough mobile device management solutions to keep employees from using their phones to disclose protected information while at work.

As HIPAA experts, we know the most efficient route to reliable compliance. HHS audits are on the rise, and you need an IT consultant that leaves you feeling confident in your ability to weather whatever comes your way. For more information about our compliance services, call us today.

Published with permission from TechAdvisory.org. Source.