HealthStream offers performance learning management solutions to help develop your healthcare staff into leaders and reduce turnover.
View All ProductsHealthStream works with healthcare organizations to create engaging and high-quality training videos for your staff and management.
View All ProductsImprove care quality and save money by making informed decisions about your healthcare facility and staff with HealthStream's reporting analytics solution.
View All ProductsHealthStream's proven methods for the improvement and overall engagement of your healthcare staff foster a positive workplace and increase retention rates.
View All ProductsBe confident in your staff’s ability to reduce risk by providing compliance training that changes behavior.
View All ProductsDevelop next-level people for next-level care by prioritizing quality and safety improvements.
View All ProductsEstablish a culture of belonging with education supporting DEI, wellness, engagement, and leadership development.
View All ProductsDeliver custom or industry designed product training directly to patient and resident care environments to reinforce proper use.
View All ProductsStop wasting money on RCM issues. Learn how to Provide your team with expert-led revenue cycle training to help them reduce denied claims, reimbursement mistakes, and more.
View All ProductsLearn about our advanced resuscitation training solutions. Our solutions are designed to help improve patient outcomes.
View All ProductsOur competency development solutions personalize learning for clinicians to bridge the gap between theory and practice for your nurse residents.
View All ProductsEnhance maternal & child nursing care with solutions focused on improving the quality of care for mothers, infants, and children.
View All ProductsAddress staffing orientation challenges to easily achieve and maintain certification with our emergency and acute care training solutions.
View All ProductsAs a premier provider of healthcare education, we are committed to promoting safer, more successful surgical and sedation outcomes for each and every patient.
View All ProductsOur solutions are designed to cater to the needs of patients, healthcare professionals, and organizations dealing with illnesses or chronic conditions.
View All ProductsOnline clinical placement software allows schools, healthcare organizations, and students to seamlessly manage clinical and nursing rotations.
View All ProductsTackle all the challenges of provider directory management within a health plan with a single solution tailored to your specific needs.
View All ProductsOur affordable CVO credentialing services establish patient safety by enabling primary source verification for your healthcare organization.
View All ProductsFinally, a comprehensive resource to support collecting, storing, and sharing credentialing data with ease.
View All ProductsIntegrate with Epic to validate and add new providers directly to your provider master file.
View All ProductsHealthcare workforce management is essential. We provide advanced scheduling solutions for organizations to solve issues such as nurse retention
View All ProductsMitigate risk and elevate your quality of care. Improving both clinical and business outcomes starts with a smarter, more integrated approach to regulatory training, continuing education and quality management.
Learn MoreThe privacy of personal health records is governed by the Health Insurance Portability and Accountability Act, known throughout the healthcare world as HIPAA, signed into law in 1996. In the years since, HIPAA has become one of the most widely cited and discussed regulations in healthcare compliance.
Much External Vigilance
Much of the recent focus on HIPAA and threats to protected health information and data has been external, alerting providers and staff to criminal entities wanting access to large amounts of individual data, gained by breaches of cybersecurity. For example, the U.S. Department of Health & Human Services recently released guidance titled “Ransomware and HIPAA.” Ransomware locks up a computer or network to prevent access to data until a ransom, usually demanded in Bitcoin, is paid. Hospitals are the perfect mark for this kind of extortion because they provide critical care and rely on up-to-date information from patient records. Without access to medical histories, drug usage, surgery directives, and other information, patient care can get delayed or halted, which makes hospitals more likely to pay a ransom rather than risk delays that could result in death and lawsuits.
Ransomware has the potential to expose patients’ Protected Health Information (PHI). PHI is at the center of HIPAA regulation, and any release of PHI is a potential HIPAA violation, even when it occurs due to nefarious and illegal acts of outside 3rd parties. Ultimately every healthcare facility is responsible for safeguarding the health information of its patients.
Insider HIPAA Threats
Importantly, while large-scale data breaches are the work of cyberattacks from outsiders, insider threats also are a danger to healthcare organizations. Even though the scale of these violations is nowhere similar, the damage to reputation and resulting fines can be significant. These undeniably illegal breaches often occur related to famous people. Typical situations involve hospital employees who “access records outside of their traditional job duties—especially if hospital patients are high-profile individuals or celebrities” (Becker’s Health IT & CIO Report, 2015).
According to Etactics.com, “there is a fine line between finding out that a celebrity checked into a hospital and digging through their medical records” (Moneypenny, 2019). The same website has compiled a list of 20 reported celebrity HIPAA violations that demonstrate another important element of healthcare privacy about which staff at every level of a medical facility must be trained.
The same article shares that since 2003, when Dr. Huping Zhou “ received a four-month sentence and $2,000 fine” for illegally viewing “medical records of celebrities and high-profile patients,” in violation of HIPAA, the list of celebrities whose privacy has been violated keeps growing. For example, healthcare staff has been implicated in criminally accessing and sometimes selling information about:
It’s important to remember that like all the rest of us, famous people have a legal right to privacy and to controlling information about their healthcare. Being well-known changes nothing about how medical records are protected under HIPAA.
Use Training to Create a Culture of Compliance
An August 2019 FierceHealthcare article details the findings from a Kaspersky survey of North American healthcare staff about healthcare privacy. Results showed “ nearly 1 in 5 respondents (19%) said there needed to be more cybersecurity training by their organization.” More alarmingly, “nearly a fifth of U.S. respondents (18%) reported they did not know what the HIPAA security rule meant” (Landi, 2019).
These sobering statistics serve to remind us of the importance of regular compliance training—the kind that changes behaviors and helps to communicate the commitment to compliance of top leadership, to influence the overall culture of your organization. Providing compliance training is a way to ensure your business is conducted ethically and within the boundaries of the law, and it reinforces your organization’s good reputation. Educating your organization also demonstrates a proactive approach to the detection and prevention of unlawful activity.
Importantly, compliance training should impart individual responsibility that reinforces the obligation to be a good corporate and organizational citizen and to be accountable. Training should help employees apply complex laws and regulations to their daily work, and it should include how they can access your policies and procedures for guidance. What can make HIPAA training much more meaningful is to provide examples of illegal or suspicious behaviors that illustrate the kinds of things that you want reported. Violations involving celebrities deserve to be one of these examples.
References
Becker’s Health IT & CIO Report, “7 celebrity data breaches: When employees snoop on high-profile patients” 12/11/2015, retrieved at https://www.beckershospitalreview.com/healthcare-information-technology/7-celebrity-data-breaches-when-employees-snoop-on-high-profile-patients.html.
Landi, H., “Survey finds alarming number of healthcare workers have not had cybersecurity training,” FierceHealthcare, August 21, 2019, Retrieved at https://www.fiercehealthcare.com/tech/despite-ongoing-cyber-threats-32-healthcare-employees-never-received-cybersecurity-training.
Moneypenny, M., “The Ultimate List of Celebrity HIPAA Violations You Won't Believe
The Ultimate List of Celebrity HIPAA Violations You Won't Believe,” June 24, 2019, Retrieved at https://www.etacticsinc.com/blog/celebrity-hipaa-violations.
Access our article Building an Indestructible Healthcare Compliance Training Program.
HealthStream’s learning management system and healthcare training solutions support medical training initiatives and allow for the best patient care.
View All Learning & PerformanceHealthStream offers performance learning management solutions to help develop your healthcare staff into leaders and reduce turnover.
View All ProductsHealthStream works with healthcare organizations to create engaging and high-quality training videos for your staff and management.
View All ProductsImprove care quality and save money by making informed decisions about your healthcare facility and staff with HealthStream's reporting analytics solution.
View All ProductsHealthStream's proven methods for the improvement and overall engagement of your healthcare staff foster a positive workplace and increase retention rates.
View All ProductsWhen you enact HealthStream's quality compliance solutions, you can do so with the confidence your healthcare organization will meet all standards of care.
View All Quality & ComplianceBe confident in your staff’s ability to reduce risk by providing compliance training that changes behavior.
View All ProductsDevelop next-level people for next-level care by prioritizing quality and safety improvements.
View All ProductsEstablish a culture of belonging with education supporting DEI, wellness, engagement, and leadership development.
View All ProductsUtilize patient access solutions and advanced reimbursement solutions to manage clinical denials and improve your organization’s reimbursement strategy.
View All ReimbursementExpand the decision-making skills and effectiveness of your healthcare workforce with HealthStream's clinical development programs and services.
View All Clinical DevelopmentLearn about our advanced resuscitation training solutions. Our solutions are designed to help improve patient outcomes.
View All ProductsOur competency development solutions personalize learning for clinicians to bridge the gap between theory and practice for your nurse residents.
View All ProductsEnhance maternal & child nursing care with solutions focused on improving the quality of care for mothers, infants, and children.
View All ProductsAddress staffing orientation challenges to easily achieve and maintain certification with our emergency and acute care training solutions.
View All ProductsAs a premier provider of healthcare education, we are committed to promoting safer, more successful surgical and sedation outcomes for each and every patient.
View All ProductsOur solutions are designed to cater to the needs of patients, healthcare professionals, and organizations dealing with illnesses or chronic conditions.
View All ProductsOnline clinical placement software allows schools, healthcare organizations, and students to seamlessly manage clinical and nursing rotations.
View All ProductsComprehensive, industry-leading provider onboarding and credentialing software that validates health outcomes and supports provider assessment.
View All CredentialingOur affordable CVO credentialing services establish patient safety by enabling primary source verification for your healthcare organization.
View All ProductsIntegrate with Epic to validate and add new providers directly to your provider master file.
View All ProductsMake sure your healthcare staff can schedule out appointments and work schedules with ease using HealthStream's line of software solutions.
View All SchedulingHealthcare workforce management is essential. We provide advanced scheduling solutions for organizations to solve issues such as nurse retention
View All Products