Hospital surveillance.The 2006 scandal linking Hewlett-Packard chief executive officer Patricia Dunn with illegal covert tracking of board members, journalists and their families is definitely cause for caution. Having been a community hospital board member for 10 years, I have seen hospital surveillance technology grow, making the aforementioned HP affair a low but distinct possibility. HP's questionable legal investigative methods allegedly used social security numbers with home and/or cell phone numbers to hack into personal phone records, a method described as pretexting. Additionally, HP apparently incorporated voicemail, voiceprint, email and instant message analyses, off-site surveillance, reconnaissance, and dumpster diving into their leak investigation. Of course, management's investigative techniques were not approved by the board and damaged the strategic plan of HP. Today, health care organizations are merging physical security methods with information security policies to block intruders and protect the organization's valuable information and property. As hospital services become more transparent, security vulnerability experts are needed to expose any holes in the physical and information security nets. The hospital information system must be protected from intrusions involving phony IT employees, discovering passwords on sticky notes and of course the "mother of all security breaches" the misplaced or stolen laptop or PDA. A first step in this area would be to use employee cards to access the information system, eliminating the need for passwords which can easily become compromised. Surveillance of health care patients, visitors, employees, physicians, vendors, volunteers and trustees is an important issue for the security of your health care organization and should not be left to chance. Careful strategic planning involving senior management, the board and legal counsel will prevent security, safety and internal privacy breaches. Surveillance for security purposes is as important as for infections, adverse drug reactions and other medical safety issues. If the methodologies of the surveillance program are left only to management, the collaborative team of management, trustees and medical staff will break down. With surveillance, spying, and espionage being hot-button issues for Americans, a HP-type scandal would have a very negative effect on the hospital's reputation and bottom line. Any surveillance program has to be a strategic initiative for board discussion and approval. The trustees represent the community and by law are required to act as fiduciaries. Lack of board involvement in patient safety programs amounts to violation of good faith and an invitation to direct trustee liability. Successful hospitals foster communication, collaboration and trust among management, trustees, and medical staff and the invaluable exchange of ideas. Security and safety are important to every member of the team. Security The hospital's many entrances and open friendly environment leave it extremely vulnerable. Hospital security and information technology needs to protect the material assets, patients, staff, reputation, and information from theft, crimes of opportunity and violent individuals. This challenge is complex and requires review from a variety of perspectives. In such an environment, management's challenge includes handling risks, meeting regulations and remaining competitive. Health information technology has become vital for protecting privacy, enhancing operating efficiencies, reducing costs, strengthening organizational security and enabling innovation. Information technology has put the chief information officer (CIO) into the C-suite. An environment where senior management, the board and medical staff are working hand in hand on strategic security initiatives will reduce traditional technological barriers, leverage collaborative technology, and at the same time lead to a reduction in security exposures and loss of confidential data. [ILLUSTRATION OMITTED] With the design and production of extremely small electronic devices and circuits (i.e., nanotechnology), stealth surveillance becomes a more tempting option to enhance hospital security. Trust Widespread adoption of health care information technology leads to improved surveillance and security as well as data exchange within and across health care organizations. But adoption has been limited by consumer acceptance and health care budgets. For health care information technology to achieve reliable, safe health care delivery and service coordination linked to enhanced system transparency with consumer access to provider information, the consumer must trust that his or her health care data and personal privacy will be protected. This trust is vital to consumer acceptance and employee morale and confidence. Models Hospital security solutions are built from the bottom up. All personnel must have an up-to-date working knowledge of the board-approved hospital security program. This is accomplished with behavior modification during in-service education and new employee orientation. Regularly updated employee handbooks describing surveillance and security measures along with thorough patient education will maintain security. Finally periodic security audits are a must to document strengths and weaknesses that can lead to program improvements, and of course to identify security breaches, employee fraud or workplace theft. The second level of security involves controlling access via locks, lighting, alarms and video surveillance. Surveillance of Internet and Intranet use, telephones, VOIP (voice over data networks), and facsimile transmissions are also a part of the security network. Security's third stage is represented by security officers and management. Here it is important that the hospital not solely rely on senior management and health care attorneys for the design of any hospital security model. The trustees as fiduciaries for the health care consumers must be included in that they provide that outside point of view that can spot constrictive and possibly unlawful security measures in this consumer-driven environment. Investigations are an area ripe for many damaging charges that can really harm the hospital's reputation as well as employee retention recruitment and morale. Watch out for hot-button issues such as: * Audio and videotaping employee meetings, conversations and workplace activities * Investigators making allegations that go beyond fact-finding * Searches of an employee's physical person or personal property * Inadequate documentation of general investigations and interviews * Failure to ensure confidentiality * Presumed or actual restriction of an employee's ability to leave Needless to say, charges of emotional distress, defamation, invasion of privacy and false imprisonment leading to legal action could definitely ensue from these issues. With a shortage of qualified health care professionals, it is necessary to be aware of corporate spies who will try to infiltrate human resource departments to obtain and sell personnel data to organizations in need of nurses, imaging techs, and the like. Perspectives Intrusions, violence, vandalism and theft are threats that can disrupt the patients, employees and medication protocols as well as incapacitate expensive medical equipment. Senior management is usually skilled at increasing security, but can the CEO see all potential pitfalls better than the hospital board? Collaboration with the board is not required for all situations, but it can be a positive factor in strategic design and the extent of security that can protect reputations and prevent scandal. Although the scandals of Tenet Healthcare Corp. involved alleged Medicare billing irregularities and a flawed culture rather than embarrassing surveillance problems, the repair of the institution's reputation came at a high cost and much difficulty. Tenet's current senior management is challenged with improving their technology-deprived facilities. Erasing the effects of such scandals is no easy task, highlighting the value of prevention that a well run and designed security system provides. The many passports to information and data stored within hospitals presents information technology challenges for senior executives to find innovative options to protect the organization's people, patients and assets. As these security systems and measures become increasingly complex, it is advocated that they be included in the institution's strategic plans. Board discussion of the methodologies will assure community acceptance if public disclosure occurs. Ron Harvey, MD, MBA-HCM is president of Integrity Consultations for Healthcare in Prescott, Ariz. He can be reached at aliron@cableone.org By Ron Harvey, MD, MBA-HCM [ILLUSTRATION OMITTED] Figure 1 Hospital Security Model Security officers Nanotechnology Internet & Intranet security Telephones, VOIP, FAX security Video & audio surveillance; Controlled access, locks, lighting, alarms Periodic security audits Adequate patient education Employee handbooks In-service & new employee education Board-approved security program |
|
||||||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion