In Brief
HIPAA: Privacy Defenses
To comply with federal regulations like HIPAA, Geisinger provides user education for staff, patients and business partners, and builds secure procedures to limit access to sensitive information
By Paul Roberts
September 01, 2004 — CSO
People
Geisinger employs a full-time privacy officer to evaluate internal systems issues and ensure regulatory compliance.
Process
Geisinger's procedural checks on access to sensitive information mean patients can sign up online for access to the MyGeisinger Web portal, while confirmation and instructions for logging on are handled "out of band," with hard-copy letters mailed to them. Non-Geisinger affiliated doctors must get a patient's written OK before accessing test results from Geisinger's electronic medical records (EMR) system.
Technology
Geisinger builds IT controls into its systems to enforce hospital privacy policies as well as state and federal regulations. Online medical records can be modified to limit access to parents and guardians depending on the age of the patient, or legal issues such as parental custody disputes that leave one parent as the health-care proxy.
Education
Doctors and nurses receive training about practices for ensuring patient confidentiality



