Hospital surveillance.The 2006 scandal linking Hewlett-Packard chief executive officer Patricia Dunn with illegal covert tracking of board members, journalists and their families is definitely cause for caution. Having been a community hospital board member for 10 years, I have seen hospital surveillance technology grow, making the aforementioned HP affair a low but distinct possibility. HP's questionable legal investigative methods allegedly used social security numbers with home and/or cell phone numbers to hack into personal phone records, a method described as pretexting. Additionally, HP apparently incorporated voicemail, voiceprint A sample of a person's voice to be used for voice recognition or security systems. , email and instant message analyses, off-site surveillance, reconnaissance, and dumpster diving dumpster diving - /dump'-ster di:'-ving/ 1. The practice of sifting refuse from an office or technical installation to extract confidential data, especially security-compromising information ("dumpster" is an Americanism for what is elsewhere called a "skip"). into their leak investigation. Of course, management's investigative techniques were not approved by the board and damaged the strategic plan of HP. Today, health care organizations are merging physical security methods with information security policies to block intruders and protect the organization's valuable information and property. As hospital services become more transparent, security vulnerability experts are needed to expose any holes in the physical and information security nets. The hospital information system must be protected from intrusions involving phony IT employees, discovering passwords on sticky notes and of course the "mother of all security breaches" the misplaced mis·place tr.v. mis·placed, mis·plac·ing, mis·plac·es 1. a. To put into a wrong place: misplace punctuation in a sentence. b. or stolen laptop or PDA (Personal Digital Assistant) A handheld computer for managing contacts, appointments and tasks. It typically includes a name and address database, calendar, to-do list and note taker, which are the functions in a personal information manager (see PIM). . A first step in this area would be to use employee cards to access the information system, eliminating the need for passwords which can easily become compromised. Surveillance of health care patients, visitors, employees, physicians, vendors, volunteers and trustees is an important issue for the security of your health care organization and should not be left to chance. Careful strategic planning Strategic planning is an organization's process of defining its strategy, or direction, and making decisions on allocating its resources to pursue this strategy, including its capital and people. involving senior management, the board and legal counsel will prevent security, safety and internal privacy breaches. Surveillance for security purposes is as important as for infections, adverse drug reactions adverse drug reaction, n a detrimental outcome from a drug. Two types of ADRs exist: Type 1 results from dosage mismatch and Type 2 from rare conditions often as a consequence of a small dose. See also risk or sensitive type. and other medical safety issues. If the methodologies of the surveillance program are left only to management, the collaborative team of management, trustees and medical staff will break down. With surveillance, spying, and espionage being hot-button issues Noun 1. hot-button issue - an issue that elicits strong emotional reactions gut issue issue - an important question that is in dispute and must be settled; "the issue could be settled by requiring public education for everyone"; "politicians never discuss for Americans, a HP-type scandal would have a very negative effect on the hospital's reputation and bottom line. Any surveillance program has to be a strategic initiative for board discussion and approval. The trustees represent the community and by law are required to act as fiduciaries. Lack of board involvement in patient safety programs amounts to violation of good faith and an invitation to direct trustee liability. Successful hospitals foster communication, collaboration and trust among management, trustees, and medical staff and the invaluable exchange of ideas. Security and safety are important to every member of the team. Security The hospital's many entrances and open friendly environment leave it extremely vulnerable. Hospital security and information technology needs to protect the material assets, patients, staff, reputation, and information from theft, crimes of opportunity and violent individuals. This challenge is complex and requires review from a variety of perspectives. In such an environment, management's challenge includes handling risks, meeting regulations and remaining competitive. Health information technology has become vital for protecting privacy, enhancing operating efficiencies, reducing costs, strengthening organizational security and enabling innovation. Information technology has put the chief information officer (CIO CIO: see American Federation of Labor and Congress of Industrial Organizations. (Chief Information Officer) The executive officer in charge of information processing in an organization. ) into the C-suite. An environment where senior management, the board and medical staff are working hand in hand on strategic security initiatives will reduce traditional technological barriers, leverage collaborative technology, and at the same time lead to a reduction in security exposures and loss of confidential data. [ILLUSTRATION OMITTED] With the design and production of extremely small electronic devices and circuits (i.e., nanotechnology), stealth surveillance becomes a more tempting option to enhance hospital security. Trust Widespread adoption of health care information technology leads to improved surveillance and security as well as data exchange within and across health care organizations. But adoption has been limited by consumer acceptance and health care budgets. For health care information technology to achieve reliable, safe health care delivery and service coordination service coordination Case management, see there linked to enhanced system transparency with consumer access to provider information, the consumer must trust that his or her health care data and personal privacy will be protected. This trust is vital to consumer acceptance and employee morale and confidence. Models Hospital security solutions are built from the bottom up. All personnel must have an up-to-date working knowledge of the board-approved hospital security program. This is accomplished with behavior modification behavior modification n. 1. The use of basic learning techniques, such as conditioning, biofeedback, reinforcement, or aversion therapy, to teach simple skills or alter undesirable behavior. 2. See behavior therapy. during in-service education and new employee orientation. Regularly updated employee handbooks An employee handbook (or employee manual) details guidelines, expectations and procedures of a business or company to its employees. Employee handbooks are given to employees on one of the first days of his/her job, in order to acquaint them with their new company and describing surveillance and security measures Noun 1. security measures - measures taken as a precaution against theft or espionage or sabotage etc.; "military security has been stepped up since the recent uprising" security along with thorough patient education will maintain security. Finally periodic security audits are a must to document strengths and weaknesses that can lead to program improvements, and of course to identify security breaches, employee fraud or workplace theft. The second level of security involves controlling access via locks, lighting, alarms and video surveillance. Surveillance of Internet and Intranet use, telephones, VOIP (Voice Over IP) A digital telephone service that uses the public Internet as well as private backbones instead of the traditional telephone network. Many companies, including Vonage, 8x8 and AT&T (CallVantage), typically offer calling within the country for a (voice over data networks), and facsimile transmissions are also a part of the security network. Security's third stage is represented by security officers and management. Here it is important that the hospital not solely rely on senior management and health care attorneys for the design of any hospital security model. The trustees as fiduciaries for the health care consumers must be included in that they provide that outside point of view that can spot constrictive constrictive restricting movement or dilatation of an organ. and possibly unlawful security measures in this consumer-driven environment. Investigations are an area ripe for many damaging charges that can really harm the hospital's reputation as well as employee retention recruitment and morale. Watch out for hot-button issues such as: * Audio and videotaping employee meetings, conversations and workplace activities * Investigators making allegations that go beyond fact-finding * Searches of an employee's physical person or personal property * Inadequate documentation of general investigations and interviews * Failure to ensure confidentiality * Presumed or actual restriction of an employee's ability to leave Needless to say, charges of emotional distress emotional distress n. an increasingly popular basis for a claim of damages in lawsuits for injury due to the negligence or intentional acts of another. Originally damages for emotional distress were only awardable in conjunction with damages for actual physical harm. , defamation, invasion of privacy invasion of privacy n. the intrusion into the personal life of another, without just cause, which can give the person whose privacy has been invaded a right to bring a lawsuit for damages against the person or entity that intruded. and false imprisonment false imprisonment, complete restraint upon a person's liberty of movement without legal justification. Actual physical contact is not necessary; a show of authority or a threat of force is sufficient. The person falsely imprisoned may sue the offender for damages. leading to legal action could definitely ensue en·sue intr.v. en·sued, en·su·ing, en·sues 1. To follow as a consequence or result. See Synonyms at follow. 2. To take place subsequently. from these issues. With a shortage of qualified health care professionals, it is necessary to be aware of corporate spies who will try to infiltrate infiltrate /in·fil·trate/ (in-fil´trat) 1. to penetrate the interstices of a tissue or substance. 2. the material or solution so deposited. in·fil·trate v. 1. human resource departments to obtain and sell personnel data to organizations in need of nurses, imaging techs, and the like. Perspectives Intrusions, violence, vandalism and theft are threats that can disrupt the patients, employees and medication protocols as well as incapacitate in·ca·pac·i·tate tr.v. in·ca·pac·i·tat·ed, in·ca·pac·i·tat·ing, in·ca·pac·i·tates 1. To deprive of strength or ability; disable. 2. To make legally ineligible; disqualify. expensive medical equipment. Senior management is usually skilled at increasing security, but can the CEO (1) (Chief Executive Officer) The highest individual in command of an organization. Typically the president of the company, the CEO reports to the Chairman of the Board. see all potential pitfalls better than the hospital board? Collaboration with the board is not required for all situations, but it can be a positive factor in strategic design and the extent of security that can protect reputations and prevent scandal. Although the scandals of Tenet Healthcare Tenet Healthcare Corporation (THC) is an operating company that owns and operates 57 hospitals in the United States [1]. It is based in Dallas, Texas. Its stock ticker symbol on the New York Stock Exchange is NYSE: THC. Corp. involved alleged Medicare billing irregularities and a flawed culture rather than embarrassing surveillance problems, the repair of the institution's reputation came at a high cost and much difficulty. Tenet's current senior management is challenged with improving their technology-deprived facilities. Erasing the effects of such scandals is no easy task, highlighting the value of prevention that a well run and designed security system provides. The many passports to information and data stored within hospitals presents information technology challenges for senior executives to find innovative options to protect the organization's people, patients and assets. As these security systems and measures become increasingly complex, it is advocated that they be included in the institution's strategic plans. Board discussion of the methodologies will assure community acceptance if public disclosure occurs. Ron Harvey, MD, MBA-HCM is president of Integrity Consultations for Healthcare in Prescott, Ariz. He can be reached at aliron@cableone.org By Ron Harvey, MD, MBA-HCM [ILLUSTRATION OMITTED] Figure 1 Hospital Security Model Security officers Nanotechnology Internet & Intranet security Telephones, VOIP, FAX security Video & audio surveillance; Controlled access, locks, lighting, alarms Periodic security audits Adequate patient education Employee handbooks In-service & new employee education Board-approved security program |
|
||||||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion