Kevin Haynes, Chief Privacy Officer of Nemours--a children's health organization with facilities in New Jersey, Florida, Pennsylvania and Delaware--told Health IT Security that process improvement is critical when it comes to patient information security. If there's a privacy breach, you have to alert everyone involved, he said. What's more, he added, training from top-to-bottom on protocol for data protection is crucial in any organization.
"The thing about privacy is there are not very many scenarios that are the same. You learn that a privacy request, or incident usually involves a unique set of characteristics," Haynes said. "So for each, you have to treat it differently and take a careful, thoughtful approach at the privacy requirement, request, investigation, or evaluation [whatever it may be]. And you can't educate with generic responses, so we're looking to provide scenarios based on real-life situations and deliver directly to the groups that need it as quickly as possible." Article