For many hospital systems, handling a stratified-risk privacy operation is a time-consuming process. Depending on what type of privacy posture the organization is using, this can lead to an even greater influx of notifications, especially for less nefarious cases such as family member snooping or self-lookups. Due to a lack of resources, Privacy Officers either spend extensive amounts of time following up on the large volume of lower-risk violations or ignore them in favor of pursuing higher-risk cases. Both of these scenarios result in increased liability and inefficiency, and only target a small portion of the system-wide privacy violations that are occurring at any one time. Email automation can help Privacy Officers re-educate the hospital workforce, reduce their workload and increase their efficiency.

As a Privacy Officer with more than 30 years experience working in both large and small healthcare organizations, I’ve experienced multiple privacy postures, ranging from manual reactive audits to proactive privacy monitoring that allowed us to get ahead of breaches to patient privacy before they became catastrophic for the organization or patients. After three decades of experience, I realized that there are three things that every Privacy Officer should know to ensure they are applying best practices for privacy within their organization.

In 2015 and 2016, Protenus found that the privacy of professional athletes’ medical records was violated equal to or more than any other VIP or celebrity category. The majority of these privacy violators were repeat offenders. Why? In many cases, Protenus found that football enthusiasts were looking for a competitive edge in their fantasy league by looking at the athlete's records to identify injuries or other types of vulnerabilities.  

The Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule made many sweeping changes to the healthcare world. One of the most significant was the requirement that all healthcare organizations – no matter their size – designate a privacy officer whose primary duty is to protect the confidentially and privacy of patients’ protected health information (PHI).

It is no secret that electronic health records (EHRs) are incredibly valuable. One needs to only look at the number of cyber attacks that target healthcare organizations as proof that those records contain extremely valuable patient information.