Each year, the UC Davis Health system serves tens of thousands of patients, both in its hospitals and outpatient clinics. Safeguarding patient records and managing the supply of controlled substances are among the many compliance and regulatory tasks with which the Compliance Office is charged. With the volume of compliance issues the office was identifying and investigating, the team wanted to be able to customize its investigation workflows based on the type of incident and adjust its processes accordingly. 

The team at Protenus appreciates all of the work the healthcare community has done to respond to the COVID-19 health crisis. To help our customers and their colleagues, we have compiled a list of helpful resources. 

As a Privacy Officer with more than 30 years experience working in both large and small healthcare organizations, I’ve experienced multiple privacy postures, ranging from manual reactive audits to proactive privacy monitoring that allowed us to get ahead of breaches to patient privacy before they became catastrophic for the organization or patients. After three decades of experience, I realized that there are three things that every Privacy Officer should know to ensure they are applying best practices for privacy within their organization.

In 2015 and 2016, Protenus found that the privacy of professional athletes’ medical records was violated equal to or more than any other VIP or celebrity category. The majority of these privacy violators were repeat offenders. Why? In many cases, Protenus found that football enthusiasts were looking for a competitive edge in their fantasy league by looking at the athlete's records to identify injuries or other types of vulnerabilities.  

The Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule made many sweeping changes to the healthcare world. One of the most significant was the requirement that all healthcare organizations – no matter their size – designate a privacy officer whose primary duty is to protect the confidentially and privacy of patients’ protected health information (PHI).