PHI Incident Shows Need for Strict Volunteer Policies
Posted On: March 21st, 2013
Former Vice President, Product Marketing and Strategy, McKesson (Retired)
Protecting patient identities can seem like an uphill struggle, but learning from other healthcare organizations is an excellent way to fix policies in advance of a breach. A recent event at Jackson Health System in Miami is a perfect example.
According to AIS Health, a hospital volunteer had used his cell phone camera to take more than 1,000 photos of patient records, including Social Security numbers and protected health information. (His goal was to sell the information, but he and his co-conspirators were caught and convicted.)
As a result of the incident, Jackson Health amended its rules to ensure volunteers are treated more like employees with regard to protected health information (PHI) access. For starters, it instituted a prohibition against the use of smartphones in patient-care areas by volunteers. Anyone with a phone in a forbidden area faces immediate dismissal.
The health system also created a more robust orientation program for volunteers that includes signing a form indicating an understanding of, and adherence to, the hospital’s privacy rules. Finally, all nursing leaders with units that allow volunteers received a document outlining the responsibilities of the staff and a description of the volunteer’s permitted duties to be signed by both the nurse leader and the volunteer.
The incident brings up two areas of concern for home health and hospice agencies:
- Although HIPAA was enacted before smartphones were widely in use, the technology now demands strict governance in the workplace.
- Clearly, volunteers should be treated as carefully as employees when it comes to protecting PHI.
Fortunately, you can take advantage of Jackson Health’s episode to implement stricter policies and prevent a similar breach.