Back on topic -- physical security tips from Hospital Compliance Wire

From a newsletter I get on HIPAA and other compliance issues:

Don't just have your security staff walk the premises looking out for physical HIPAA security problems; train your regular staff to do the same thing. Name a person in each department to be in charge of physical security -- not swinging a billy club, but walking the halls occasionally looking for (and reminding people about) open files, logged-on computers, doors propped open, etc. Make sure you cover all shifts during which you're open. Cross-pollination would be good here too (have the daytime person do a security walk during the night shift sometime, and vice versa, to make sure the good ideas from each group cross over).

Consider a badge system, either smart badges (with magnetic strips that open doors, let you log onto computers, etc.) or dumb badges (simple plastic badges with or without pictures, so you can tell visitors from staff). Smart badges will help you audit who is doing what, and will be a strong deterrent to keep nosy staff from sniffing around where they shouldn't.

Make sure you know your traffic flows. Staff may not think about where visitors walk or what they can see; staff expects to see information, but may not realize that visitors and patients might be able to see the same information. Occasionally trail a visitor or patient around the facility, looking for things that a visitor might see but ought not. Role play. And keep up on it, since changes you don't think about might cause changes in traffic patterns.

