HIPAA: Privacy Defenses
To comply with federal regulations like HIPAA, Geisinger provides user education for staff, patients and business partners, and builds secure procedures to limit access to sensitive information
By Paul Roberts
September 01, 2004 — CSO — To comply with federal regulations like HIPAA, Geisinger provides user education for staff, patients and business partners, and builds secure procedures to limit access to sensitive informationPeopleGeisinger employs a full-time privacy officer to evaluate internal systems issues and ensure regulatory compliance.
Process
Geisinger's procedural checks on access to sensitive information mean patients can sign up for access to the MyGeisinger Web portal online, while confirmation and instructions for logging on is handled "out of band," with hard-copy letters mailed to them. Non-Geisinger affiliated doctors must get a patient's written OK before accessing test results from Geisinger's electronic medical records (EMR) system.TechnologyGeisinger builds IT controls into its systems to enforce hospital privacy policies as well as state and federal regulations. Online medical records can be modified to limit access to parents and guardians depending on the age of the patient, or legal issues such as parental custody disputes that leave one parent as the health-care proxy.EducationDoctors and nurses receive training about practices for ensuring patient confidentiality
Read more about data privacy in CSOonline's Data Privacy section.
Is privacy an ally of security, next of kin, or something else? These articles dig into the hows and whys of data privacy and data protection, and its relationship to enterprise security efforts.
6 ways we gave up our privacy
The effect of social networks, web 2.0 technologies, and other privacy-shaking developments
7 Firefox plugins for data privacy
Plug data-leaking holes in your web browsing
4 signs of an easy victim on social networks
Scammers and hackers of all kinds scour social sites for personal data
Potential privacy 'gotchas' in cloud computing
How to respond to a data breach notification
5 things to know about the Chief Privacy Officer
- Understand Your Data: The Future of Backup and Archiving
- What You Need to Know About APTs
- Introduction to VMware vCenter Site Recovery Manager 5
- Introduction to Virtualization
- Preventing Unplanned Downtime with Server Virtualization
- Secure Cloud Infrastructure and Next-Generation Data Centers - An Interactive Panel for Decision Makers
- Patch Tuesday preview, February 2012
Microsoft published its Patch Tuesday Preview for February of 2012 a few minutes ago. IT admins can expect nine bulletins to address 21 security vulnerabilities.
It looks like four bulletins will be rated critical while the rest are designated as important.
Affected Microsoft products are:
- M86 report proves water is wet
- Actor, banker, soldier, spy: Suits and Spooks Anti-Conference aims to redefine security
More Salted Hash with Bill Brenner
