From Celebrities to the Ex-Factor, Snooping is a Serious Issue

Have you cataloged “Snooping” among your risk factors in your Risk Analysis?

Humans are curious beings by nature. With a little motivation we can get really nosy, which often leads to very bad outcomes for those tasked with safeguarding protected health information (PHI). Snooping, where individuals gain access to PHI as a result of curiosity or malicious intent, is a prevalent problem that can land your organization in serious trouble under HIPAA.

The regulators have made it quite clear that a covered entity or business associate is required to conduct a breach risk assessment and notify affected victims in the case of a snooping attack. Penalties for organizations have been severe, and in some cases snoopers themselves have been jailed for violating the Privacy Rule.

Many studies have documented the struggle HIPAA covered entities have with staff snooping. According to the research, most victims are people the snooper knows. The motivation for snooping in these cases is most frequently what you could call the “ex” factor, e.g. the person is snooping on an ex-spouse, ex-partner, or ex-friend. Not surprisingly, celebrity records are also very popular targets for snooping.

Curious what you can do to protect your organization from snoopers? Here are some ideas.

  • Consider “snooping” as a threat agent in your Risk Analysis
  • Reinforce the organization’s obligation to patients to protect their PHI
  • Provide deep training on privacy and security requirements, controls, and potential penalties for noncompliance
  • Underscore the potential consequences for the organization as a result of snooping – both financial and reputational
  • Establish, communicate and apply stiff sanctions for employee violations
  • Strengthen access controls so personnel only have access to the information they actually need
  • Monitor unusual activity and pursue behavior change before it becomes a problem. This also deters colleagues from going down an unfortunate path.

Bob Chaput

CEO at Clearwater Compliance
Bob is the CEO and Founder of Clearwater Compliance. He has 25 years of experience in the Healthcare industry, and his experience includes managing some of the world’s largest HR, benefits and healthcare databases, requiring the highest levels of security and privacy. Mr. Chaput continues to expand and update his knowledge base on HIPAA-HITECH compliance through postgraduate study, earning professional certifications and participating in professional healthcare and other organizations.