In response to the health department breach, DPH conducted a thorough investigation and has reviewed and revised its HIPAA policies and procedures. It has also retrained its staff on the proper uses and disclosures of PHI, and increased HIPAA training for its temporary staff. The employee who caused the health department breach no longer works for DPH.
How to Prevent a Breach of This Type
There are several ways in which you can prevent this type of breach from occurring within your organization.
Policies and procedures. You should have policies and procedures regarding the proper uses and disclosures of PHI.
Access controls. Only employees who require access to PHI should be given access to the sensitive data. This is known as the minimum necessary standard. Although the employee who caused the health department breach likely required limited access to PHI, it may be in your best interest to only give PHI access to permanent employees.
Employee training. Arguably the most effective way to prevent insider breaches is to train employees. Under HIPAA, all employees who have the potential to access PHI are required to be trained annually on your organization’s policies and procedures, and on HIPAA basics.