Page 1 - HIPAA Guard Herald - July 2018 e-Newsletter
HIPAA Guard HERALD
YOUR MONTHLY NEWSLETTER ON SURVIVING HIPAA
ISSUE 08 July 2018
LATEST ON HIPAA
Interview with Regional General Hospital's
Chief Privacy Officer Heather Thompson
We continue our amazing interview, up close and personal, with
Regional General Hospital’s (Williston, Florida) Chief Privacy Officer,
Heather Thompson. RGH is a rural, Critical Access facility in North
Central Florida.
Question: Can you give us your top 3 reasons, if you were asked,
why a company or organization, particularly in the healthcare
industry, should have a privacy officer?
Heather: First and most importantly, to protect and ensure
patients’ rights and information. Second, to help maintain
administrative and compliance requirements. Third, to keep your
organization’s employees educated on patient privacy and
education of the advancement of security and other safeguards.
Question: Can a healthcare organization afford not to have a
privacy officer, as in the case of rural hospitals? Can they opt not
to have one for their organization? If yes, why, and if no, why not?
Heather: I believe an organization can’t afford to not have a
Privacy Officer. Privacy is about respecting people, and people
having trust. If a person does not trust someone, you may lose
their relationship. In turn, a business such as a small Rural Hospital
will lose patients due to lack of trust and respect. It can then lead
to a bad reputation and morale of the organization.
Question: How do you help create a culture of compliance for
privacy and security of PHI and ePHI within your organization?
Heather: I think a good way to create a good culture is to give
employees all the tools and resources of keeping up with
knowledge and education. If we continue to create a positive and
creative way to educate employees… they will have a good
understanding and feel comfortable with compliance. It becomes
a natural habit of their work day, and not something they feel is a
stressful challenge.

#1 No Flash Drives
One kind of portable device that is a growing concern because of
its vulnerability is the USB flash drive. Your practice or your facility, in
general, should be very cautious in allowing use and access of ePHI
offsite. Not only can these little devices transmit stored data away from
your machine, they can also transmit viruses and malware into a
machine. Most facilities are updating their policies to completely outlaw
the use of flash/thumb drives to increase security. Never insert an
unknown flash drive into your device. Because these are so tiny, mass
marketed, and so easily lost, it’s a definite risk to use them in a medical
setting. Take some time and look around for any which may be located
in or around your site today, document them, and turn them over to IT
immediately.

Train your staff that these are simply too risky to utilize, while giving
them an alternative (secure shared drives).