HIPAA: Privacy Defenses
To comply with federal regulations like HIPAA, Geisinger provides user education for staff, patients and business partners, and builds secure procedures to limit access to sensitive information
By Paul Roberts
September 01, 2004 — CSO

People

Geisinger employs a full-time privacy officer to evaluate internal systems issues and ensure regulatory compliance.
Geisinger's procedural checks on access to sensitive information mean patients can sign up for access to the MyGeisinger Web portal online, while confirmation and instructions for logging on are handled "out of band," with hard-copy letters mailed to them. Non-Geisinger-affiliated doctors must get a patient's written OK before accessing test results from Geisinger's electronic medical records (EMR) system.

Technology

Geisinger builds IT controls into its systems to enforce hospital privacy policies as well as state and federal regulations. Online medical records can be modified to limit access to parents and guardians depending on the age of the patient or on legal issues, such as parental custody disputes that leave one parent as the health-care proxy.

Education

Doctors and nurses receive training about practices for ensuring patient confidentiality.