HIPAA: Privacy Defenses

To comply with federal regulations like HIPAA, Geisinger provides user education for staff, patients and business partners, and builds secure procedures to limit access to sensitive information

To comply with federal regulations like HIPAA, Geisinger provides user education for staff, patients and business partners, and builds secure procedures to limit access to sensitive informationPeopleGeisinger employs a full-time privacy officer to evaluate internal systems issues and ensure regulatory compliance.

Process

Geisinger's procedural checks on access to sensitive information mean patients can sign up for access to the MyGeisinger Web portal online, while confirmation and instructions for logging on is handled "out of band," with hard-copy letters mailed to them. Non-Geisinger affiliated doctors must get a patient's written OK before accessing test results from Geisinger's electronic medical records (EMR) system.TechnologyGeisinger builds IT controls into its systems to enforce hospital privacy policies as well as state and federal regulations. Online medical records can be modified to limit access to parents and guardians depending on the age of the patient, or legal issues such as parental custody disputes that leave one parent as the health-care proxy.EducationDoctors and nurses receive training about practices for ensuring patient confidentialityfrom curtailing elevator conversations about patients to the proper use of online medical information services.Communication Chanaga and his staff in the Information Security Office vet new technologies by demanding details from vendors about the security features or holes in their products that could lead to privacy breaches. IT staff works with clinical staff to evaluate new technologies.OutreachGeisinger employs physician liaisons to educate nonaffiliated doctors about GeisingerConnect: the hospital's physician portal. The hospital also plans a marketing campaign to raise awareness about the new online services.

Join the discussion
Be the first to comment on this article. Our Commenting Policies