Three New HIPAA IT Security Policies

Following security breaches discovered in 2011-2012, Memorial Healthcare System has pledged to comply with a Corrective Action Plan issued by the Office of Civil Rights. As part of this compliance, and in an effort to prevent future HIPAA violations, Memorial has implemented the following three new policies and is raising awareness with the workforce, vendors, and Business Associates.

Behind the Breach

The Incident

A few years ago, Memorial discovered that individuals who worked in affiliated physicians' offices had inappropriately accessed patient information by using legitimate login credentials. True to its culture of compliance and transparency, Memorial proactively reported the findings of its internal investigation to the Department of Health and Human Services' Office of Civil Rights (OCR).

Other actions included:

  • Notifying all patients who may have been affected and providing them with free credit-monitoring.
  • Implementing new, sophisticated technologies designed to monitor use and access of patient data.
  • Further restricting access to protect patient information.
  • Enacting new policies and procedures to enhance password security.
  • Hiring IBM, a global leader in cybersecurity, to provide assessment, response, and monitoring services. IBM continues to provide cybersecurity services to Memorial today.
  • Hiring an independent technology firm to conduct network audits and scans.

The Settlement

As part of a Corrective Action Plan (CAP), Memorial Healthcare System has been required to implement three new policies. The settlement places all Memorial employees, volunteers, vendors, and business associates under OCR's scrutiny. Memorial has actively distributed three new policies to raise awareness among all stakeholders.

Patient Privacy is Everyone's Responsibility

As part of the Memorial Healthcare System family, it is your responsibility to report any suspicious activity and to ensure you are only accessing information that you have been authorized to access. Patient information can include family history, social security number, account numbers, palm print, medical records, admission and discharge dates, and other vital and confidential data.

Memorial Healthcare System has zero tolerance for snooping. No matter how well-intentioned a data search may seem, the act is considered a serious violation and can result in termination.

You are an ambassador of Memorial Healthcare System's standards. As a team, the actions of one affect us all. Protecting a patient's confidential data not only demonstrates moral respect, but also builds trust. Always remember what it means to be a part of the Memorial family: to care for our patients and to work as a unified force.

For more information or to report suspicious activity, please contact us at 954-265-1165 or mhsprivacy@mhs.net.