Veriphyr Blog Becker's Hospital Review - Detecting Patient Privacy Breaches

Steve Katz, the worlds first Chief Information Security Officer, offers valuable insights on addressing impermissible use of patient data by employees, contractors, and 3rd parties in his article in Becker's Hospital ReviewKatz highlights how the impermissible use of patient data at a Florida hospital resulted in a $5.5 million-dollar fine by the US Department of Health and Human Services (HHS). Katz points out that detecting impermissible use of patient data by employees, contractors, and others is a significant challenge in a healthcare setting. "The challenge is understanding each employee's job responsibilities in fine detail and knowing whether those responsibilities justify an employee's access to a particular piece of patient data at a given point in time." "Moreover, a worker's job responsibilities and "Permissible/Impermissible Use" profile can change if they are temporarily redeployed to a different assignment or faced with an emergency."- Steve Katz, Advisor for the NH-ISAC (National Health Information Sharing and Analysis Center)Katz suggests that recent technical advances in data technology, in particular Structural Analytics, can help companies address the impermissible use of patient data for a fraction of the cost Wall Street firms paid years ago. "Structural Analytics are enabling hospitals to automatically and accurately determine the specifics of each employee's job responsibilities by analyzing data in their EHR and other clinical and business systems." - Steve Katz, Advisor for the NH-ISAC (National Health Information Sharing and Analysis Center)The article concludes that new data analytics, such as Structural Analytics, enable hospitals to detect and deter patient privacy violations and data theft by automatically comparing an employee's access to patient data with their job responsibilities. When implemented correctly, this approach can reliably distinguish between "Impermissible Use" and "Permissible Use" even when two workers, in the same department and with identical titles, access the same patient data just once. And it does so without require adding more staff. About Steve Katz: Steve Katz is an Advisor to the Board of the NH-ISAC (National Health Information Sharing and Analysis Center), was a founder of the FS-ISAC (Financial Services Information Sharing and Analysis Center), and is currently an executive advisor on privacy and security for Deloitte. He has been Chief Information Security Officer for Citigroup, head of Information Security for JPMorgan and helped manage the Information Security program at Kaiser Permanente. Sources: (a) HIPAA Violations and What Healthcare Can Learn From Financial Services - Becker's Hospital Review, 03/14/2017 Share