Characteristics of Data Breaches and Privacy Officers
A significant concern in healthcare is that of patient privacy and how organizations can protect against unauthorized access to protected health information. The federal government has responded by instituting policies and guidelines on requirements for protection. However, the policy language leaves areas open to interpretation by those following the guidelines. Reporting to the Office for Civil Rights and/or the patient can open an organization to risk of financial and possible criminal penalties. There is also a risk of harm to their reputation which could impact patient visits and market share.
Therefore, privacy officers might view risk in different ways and therefore handle breach reporting differently. Their processes may vary dependent on their knowledge of the policy, the status of previous reported breaches, and their framing of an incident.
Presenters at this session will explore the following factors: personal and organizational knowledge; prior breach status; and scenario framing on the choices a privacy officer makes regarding breach determination.
Privacy and security are a top concern for many health organizations. Presenters at this presentation will focus on two interconnected studies:
• The first analyzes the impact of advanced security measures on breach reporting.
• The second study explores how personal and organizational knowledge, prior breach status, and scenario framing affects the choices a privacy officer makes regarding breach determination.
Amanda Walden, PhD, RHIA, CHDA
Health Management and Informatics, University of Central Florida Orlando, FL