I would like your opinion on the following inappropriate access (not work-related, accessed out of curiosity):
Employee 1 – inappropriately accesses the clinical portion of the patient's chart, looking at the doctor's and nurse's notes, test results/reports, etc.
Employee 2 – inappropriately accesses the patient's demographic information that includes name, address, phone, email address, race, date of birth and in some cases, the patient's social security number.
What corrective action do you think each employee should receive? Same? Different? Does it depend on their past violations?
Thank you for your input!
I agree that consistency is key. Both accessed PHI in an unauthorized fashion. The only reason I would see to treat the two employees differently is if one but not both had been disciplined previously for unauthorized access to PHI. In that case I think the sanctions need to be greater for a prior offender.
Chris Apgar, CISSP, C|CISO
CEO & President
(503) 384-2538 (o)
(503) 816-8555 (c)
(503) 384-2539 (f)
Privacy | Information Security | Compliance | Certification Readiness | Security Incident Response
The information contained in this email message is intended only for the personal and confidential use of the recipient(s) named above. If the reader of this message is not the intended recipient or an agent responsible for delivering it to the intended recipient, you are hereby notified that you have received this document in error and that any review, dissemination, distribution, or copying of this message is strictly prohibited. If you have received this communication in error, please notify us immediately by email, and destroy the original message.
Thank you to Sonu, Brenda T, Frank Savannah, Brenda M, David, Vicky and Chris for your input about corrective action for inappropriate access. I have a lot of respect for the opinions from members of this forum, as does my CEO, who suggested to me that I check with my peer group!
I agree that consistency is the key, and I like the different tiers approach and having a range of corrective actions within each tier, dependent on the circumstances surrounding the offense.
Thanks again everyone! Stay safe! Heartfelt prayers for the World.