The U.S. Coast Guard has made progress in developing a culture of privacy, but still faces challenges because it lacks a strong organizational approach to resolving health privacy issues, according to a report from the Department of Homeland Security's Office of Inspector General (OIG).
The report is based on an audit to determine whether the Coast Guard complies with privacy regulations, including the Health Insurance Portability and Accountability Act.
The report cites five areas of concern:
- Coast Guard privacy and HIPAA officials do not formally communicate to improve privacy oversight and incident reporting, which limits USCG's ability to assess and mitigate the risks of future privacy or HIPAA breaches. The OIG urges a formal mechanism be set up to ensure that communication takes place.
- USCG does not have consistent instructions for managing and securing health records. The report calls for consistent instructions for managing health record retention and disposal.
- The Cost Guard's clinics have not completed contingency planning to safeguard privacy data from loss in case of disaster. The report shows photos of rooms full of paper records in tubs and others of water damage to a ceiling. OIG says the Coast Guard should make a plan of action and milestones to ensure it is safeguarding privacy data in the event of emergency or disaster.
- Clinics lack processes to periodically review physical security, placing privacy data at unnecessary risk. The OIG calls for an action plan and periodic review of physical safeguards to mitigate risks to protected health information at clinics.
- USCG has not assessed the merchant mariner credentialing program and processes to identify and reduce risk to merchant mariners' privacy data managed throughout its geographically dispersed program operations. The report says there needs to be a plan to improve controls to better protect this data.
The Coast Guard agreed with all recommendations made by the OIG.
DHS has a system for immigrant detainees, but not its own employees. The system fully implemented earlier this year at U.S. Immigration and Customs Enforcement is considered one of the largest and "most robust" EHR systems in the federal government, according to an ICE announcement.
Editor's Note: FierceHealthIT previously reported that USCG adopted an Epic EHR system in 2012. USCG awarded Epic with a contract in 2010, but according to an Epic spokesperson, USCG is not yet live on the company's EHR. We regret the error.
To learn more:
- read the report (.pdf)