Cecelia,

We had that same issue at one of my clients, and the way we handled it was to issue a login ID and Password for each patient. The login ID and Password were automatically generated at the time of check-in. The patient Log-In ID is a combination of the patient's name, DOB and SSN. The Password was automatically generated and could not be changed. Once the patient was discharged, the user ID and Password were deleted. We also installed secure VPN lines so that the client's security systems (firewalls, etc.) could monitor all activity.

James Holler
713.927.2390

To anyone that can help,

I would like to know how other hospitals are handling the security of their clinical computer equipment. Our main HIS was recently updated before the April deadline to accommodate the HIPAA regs (ability to mark patients confidential, individual log-ins, audit trail, etc.) but from the looks of things - nothing has been done to our clinical computer monitoring systems.

We use GE computer systems for our MRI, CAT scan, and Nuclear Medicine departments - the system has a password upon entry into the system, but not individual log-ins. It is not possible to tell who did what. We recently had problems with someone "messing" with our Nuclear Medicine computer - so we installed locks on all the doors and secured the room (which is always supposed to be manned - but of course it isn't!). I have a call into the Chief Privacy Officer at GE - hasn't returned it yet.

We also use a cardiac monitoring system by Philips (Agilent Technologies) - it is Internet based - docs can get into the system (they each have their own log-in) and monitor the cardiac activity of the patients in ICU, CCU, telemetry and ER. My problem with this is that any doc can see any patient, not just their own. Isn't that a no-no? They can't edit or make changes, just view.

Does anyone have any specific references for this? Any help would be appreciated. Thanks.

Cecelia Sheridan, HIPAA Privacy/Security Officer
Southampton Hospital
240 Meeting House La
Southampton, NY 11968
(631) 726-8576 [EMAIL PROTECTED]
---
The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions
on this listserv therefore represent the views of the individual participants, and do
not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If
you wish to receive an official opinion, post your question to the WEDI SNIP Issues
Database at http://snip.wedi.org/tracking/. These listservs should not be used for
commercial marketing purposes or discussion of specific vendor products and services.
They also are not intended to be used as a forum for personal disagreements or
unprofessional communication at any time.