Guarding Gabrielle Part 2: Protecting VIP Patient Privacy

Memorial Hermann has extensive audit capabilities of all of its electronic systems, which help keep it in compliance with the Health Insurance Portability and Accountability Act (HIPAA) of 1996.


Note: This is part 2 of “Guarding Gabrielle,” Campus Safety magazine’s three-part exclusive coverage of how Memorial Hermann Healthcare System and the University of Arizona Medical Center effectively managed the care, security, privacy and press coverage of Arizona Congresswoman Gabrielle Giffords while she was being treated at their facilities.   

With such a high-profile patient as Arizona Congresswoman Gabrielle Giffords being admitted for treatment, it could have been extremely tempting for some employees to try to circumvent Memorial Hermann’s logical access control technology. Fortunately for Giffords, as well as other Memorial Hermann patients, the healthcare organization has extensive audit capabilities of all of its electronic systems, which help keep it in compliance with the Health Insurance Portability and Accountability Act (HIPAA) of 1996.

Because of this precaution, as well as the hospital’s policies and employee education efforts, Giffords’ medical records were not breached while she was treated at Memorial Hermann.

“Our employees know that if you touch an electronic record, you will leave a fingerprint, and we will know you were in there,” says Memorial Hermann Privacy Officer Carol Paret. “If you get into an electronic record, you better be in there for a legitimate business purpose. [Employees] know we conduct random audits, and they certainly know we conduct audits on VIP patients.”

These are some of the technologies, policies and procedures the organization has adopted to protect Giffords’ privacy:

  • She was registered under an alias. (There were some attempts to find her record under her real name.)
  • All employees were notified that Giffords’ records were being monitored constantly. “Everybody who accessed her alias records or attempted to access her under her name, we knew about and were watching every day,” says Paret. “With those steps, you can catch things very early.”
  • All employees receive annual training on HIPAA. If they don’t take the course within the appropriate time frame, they lose access to the systems, which means they can’t do their jobs.
  • Memorial Hermann uses only role-based security, meaning it grants access only to individuals who need the system, or a portion of it, to do their jobs.
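
The daily review described above can be sketched over an access-audit log. This is an added example, not Memorial Hermann's system or code; the log layout, user IDs, record number, care-team list and the patient name "Jane Example" are all constructed assumptions.

```python
import csv
import io
import re

# Constructed audit log; the column layout, user IDs, record number and the
# patient name "Jane Example" are assumptions made for this example.
SAMPLE_LOG = """timestamp,user,role,action,target
2024-01-01T08:02:11,rn_017,icu_nurse,OPEN_RECORD,MRN-000123
2024-01-01T08:40:55,reg_204,registration,SEARCH,"EXAMPLE, JANE"
2024-01-01T09:15:02,md_031,neurosurgeon,OPEN_RECORD,MRN-000123
2024-01-01T09:47:30,bill_112,billing,OPEN_RECORD,MRN-000123
2024-01-01T10:05:44,rn_088,ed_nurse,SEARCH,jane   example
2024-01-01T10:06:10,rn_088,ed_nurse,SEARCH,"Sample, John"
2024-01-01T11:20:00,rn_017,icu_nurse,OPEN_RECORD,MRN-000999
"""


def tokens(text):
    """Lower-case name tokens, so 'EXAMPLE, JANE' and 'jane example' match."""
    return set(re.findall(r"[a-z]+", text.lower()))


def review(log_text, alias_mrn, real_name, care_team):
    """Return (timestamp, user, reason) for every event a reviewer should see."""
    name = tokens(real_name)
    findings = []
    for row in csv.DictReader(io.StringIO(log_text)):
        if row["action"] == "SEARCH" and name <= tokens(row["target"]):
            # Any lookup under the real name is an attempt to find the record.
            reason = "searched real name"
        elif row["action"] == "OPEN_RECORD" and row["target"] == alias_mrn:
            # Every access to the alias record is listed; users outside the
            # assigned care team need a documented business purpose.
            if row["user"] in care_team:
                reason = "alias record opened (care team)"
            else:
                reason = "alias record opened (NOT on care team)"
        else:
            continue
        findings.append((row["timestamp"], row["user"], reason))
    return findings


if __name__ == "__main__":
    team = {"rn_017", "md_031"}  # hypothetical assigned care team
    for finding in review(SAMPLE_LOG, "MRN-000123", "Jane Example", team):
        print(*finding, sep="  ")
```
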

Robin Hattersley Gray