How to stop snoopers: Humans are naturally curious, and most people are curious about their friends, family, and peers. That natural impulse may be a major contributor to one of the biggest data security risks HIPAA covered entities face: insiders accessing information improperly, a lot of which is nothing but pure snooping.
However, a new study published in JAMA Network Open has found an effective way to stop snoopers after the first bite: an email telling them to stop. The study looked at all non-care-team access to records at a large academic medical center over a 6-month period. Half of the offending snoopers got an email telling them their access was improper and warning them not to do it again; the other half got no warning. Only 2% of the warned group went on to snoop again, but 40% of the control group resumed snooping.
That sounds like an extremely effective strategy. I've always been in favor of rehabilitative-but-highly-visible responses to HIPAA violations: people make mistakes and shouldn't be whacked too hard for one-off judgment errors, but showing a serious response to even minor HIPAA issues can set a good tone for the organization. This study seems to back that up.