Create a Human Firewall – HIPAA Training

Cyber breaches in healthcare are in the headlines and on the rise. Last year, over 112.8 million people’s “protected” health information was stolen or improperly disclosed! That is approximately one third of the total U.S. population - in just one year!  The big newsmakers are the large cyber breaches where millions of records are stolen electronically. But the “weak link” in many breaches is the human being.

“IT security starts with people.” (2016 Cybersecurity Trends, Cybernetic Global Intelligence, 2016)

While your IT staff and advanced technologies play a significant role in protecting your organization and patients from cyber threats, it is often the day-to-day actions of staff that put an organization at risk. Here’s a sampling of breaches traced to “human error” from the Identity Theft Resource Center’s 2015 Breach Report:

  • Improperly disposed patient records were found in open dumpsters, along roadsides, and other insecure locations. (multiple incidents)training_futuristic
  • Billing staff mailed statements containing PHI to the wrong addresses.
  • Clinical staff lost possession of laptop computers containing unencrypted PHI. (multiple)
  • Clerical staff intending to attach a survey to an email sent to all patients attached a spreadsheet containing patient information instead.
  • Multiple staff members fall victim to “phishing” messages, giving hackers access to the organization’s electronic systems.

A breach can result from an error or misconduct by a team member in any function or department. To the poor soul who learns his identity has been stolen from a bill collector or when his credit application is denied, it doesn’t matter whether it was a sophisticated cyber-attack or a careless worker tossing medical records into an unsecured dumpster - the end result is the same. A person whose records have been compromised will spend months – if not years! – putting his or her financial life back in order. Thus it’s critical that every staff member receives Privacy and Security training.

It’s also the law – HIPAA requires all workforce members to receive training on information privacy and security. “Workforce” includes all employees, contractor workers, and “business associates,” or vendors.”

Don’t delay!

Each employee accesses PHI dozens of times daily, and cyber criminals work 24/7. Protect yourself, your organization, and your patients by taking the first step to create a human firewall.

Julie Rennecker, PhD, BSN, is the founder of The Management Doc, LLC, and
Chair of Third Rock’s Clinical Advisory Board.

Contact us at to learn more about Third Rock’s Worry-free TrainingTM Solution:

✔   Comprehensive – Covers Privacy, Security, and Breach Notification Rules
✔   Fast and Easy-to-use – Entire course can be completed in about an hour
✔   Self-paced – Participants can log in and out as time permits
✔   Convenient and Flexible – Can be completed from a PC, smartphone or tablet
✔   Easy to Manage – Issues reminders to staff and automatically tracks course completion
✔   Executive Reporting – Dashboard readily tracks each individual’s training status
✔   Individual Transcripts – Downloadable transcripts document personal training history
Promotional pricing available until February 19th, 2016.

Julie Rennecker, PhD, BSN
About the Author

Julie Rennecker, BSN, PhD is an organizational development consultant specializing in the people and process challenges related to healthcare technology change. With 10 years bedside clinical experience (ICU, ER, behavioral health), a PhD in Organizational Behavior from MIT’s Sloan School of Management, five years on the Information Systems faculty at Case Western Reserve University, and more than 15 years’ research and consulting experience, she brings a unique synthesis of clinical, academic, and industry experience to bear on client problems and opportunities. She holds a Certificate in Health IT and Health Information Exchange from the University of Texas and is a credentialed EpicCare Ambulatory trainer.

%d bloggers like this: