Natividad Medical Center is
doing an exemplary job in protecting the personal health information of
patients.
That’s the conclusion of a
report by the Monterey County grand jury issued Monday. The grand jury looked
into how well the county hospital was complying with HIPAA, the Health
Insurance Portability and Accountability Act of 1996. The grand jury wanted to
make sure Natividad wasn’t exposing the county to any exorbitant penalties with
respect to breaches in patient health information.
The report commends the
hospital’s Information Technology Department for its best practices and
recommends that they serve as a model and be shared with other hospitals.
The grand jury considered four
areas of concern regarding breaches of personal health information: annual risk
assessments, encryption practices, staff training and policy procedures in
securing sensitive information.
The IT Department conducts
regular systems checks and security scans. The report also said the hospital is
well equipped to prevent cyberattacks.
The report is basically a
glowing validation of the IT practices at Natividad. However, one finding
states “a weak link exists in security of PHI with hand-delivered paper
documents.” The report also recommends that Natividad ensure its notices to the
public are written in a language understood by those impacted.
Titled “Information Security at
Natividad Medical Center: A Model of Best Practices,” the report states that
Natividad spends 5.5 percent or about $10 million of its budget on IT. The
hospital has 200 network servers and 1,200 laptop computers for employees.
The county Board of Supervisors
must respond to the grand jury’s findings and recommendations in the next
several weeks.
June
22, 2015
The
Californian
By Robert
L. Robledo
No comments:
Post a Comment