Disciplinary action against employees

August 17th, 2015 by admin Leave a reply »

Carilion Clinic, a not-for-profit clinic located in Roanoke, VA took disciplinary action or fired 14 employees for looking at a high-profile patient file that they had not been given access to.

Chris Turnbull, a clinic spokesperson, did not identify the employees or the patient whose information was breached. But he did explain that patient files tend to be handled by many people in the clinic and that the clinic has compliance officers who monitor the file activity.

As per the internal security measures, whenever an employee accesses the file, the filing system documents the activity and tracks whether the employee had viable cause to access the file. Compliance officers are in charge of tracking privacy concerns by accepting complaints or monitoring high-profile patients.

Carilion Clinic is a HIPAA-covered entity and adhered to appropriate disciplinary standards in properly punishing employees or terminating their employment. Under HIPAA, these employees may also face criminal prosecution, a $50,000 fine, or a one-year prison sentence.

Carilion prohibits employees from accessing information for patients with whom they are not directly working in accordance with HIPAA. Clinic employees are also required to receive annual security training.

“Carilion takes its obligation to protect patient privacy very seriously,” said Vicki Clevenger, Chief Compliance Officer at Carilion. “When Carilion discovers potential issues, an immediate investigation is launched. Aspects of an investigation vary, but may include a review of the electronic medical record(s) in question and interviews with individuals involved.”

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken the necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Leave a Reply