Patient privacy is everyone’s responsibility, and we all play a role in maintaining health information security. Those were the key takeaways from the Office of the Chief Privacy Officer’s (OCPO) Education Session on Privacy and Security. We interviewed Amy Wang, the Director of Information Services & Operational Effectiveness and the Information Security Officer, part of the Henry Ford Health System, to see how one hospital has been able to create a culture of privacy and security.

Integrating Privacy and Security in Patient Care

West Bloomfield Hospital , a relatively new hospital with a holistic focus, has integrated privacy and security directly into patient care. The effort starts at the top. Amy and her team get tremendous support from upper management including the CEO and COO, who drill down the message that everyone is responsible for securing patient data. All the patient  rooms are private, and the privacy/ security/compliance topics and reminders are incorporated in the daily meetings (“huddles”) with clinicians and staff.  On a monthly basis, the security council team conducts audits in the various departments to make sure that privacy and security policies are being followed.  Privacy and security efforts have become part of the daily routine.

Amy’s message and the practices at West Bloomfield Hospital fit perfectly with how we see privacy and security at the Office of the National Coordinator for Health Information Technology (ONC). Protecting patient data is everyone’s responsibility. At the OCPO, we are working to help establish policies that preserve health information security, but also finding ways that are affordable and workable. We are also developing materials and tools to help providers educate themselves and their staff about security awareness. For example, we will soon be releasing the first of a series of video games for providers and staff. These games are fun and engaging, but also deliver important training on how to secure data and avoid breaches. In addition, this month we will have a Mobile Devices Roundtable event on privacy and security issues related to mobile devices.

Stakeholder and Patient Responsibilities

Like West Bloomfield Hospital, we recognize that providers and their staff have a core responsibility to protect patient information. However, other stakeholders also have key roles to play. For example, electronic health record (EHR) vendors are responsible for building easy-to-use and affordable security features into their products and implementing EHRs with these features configured for the practice. Patients are responsible for understanding and being cooperative when asked for identification, not sharing passwords to EHR patient portals, and safeguarding their insurance information.

Learn More About Privacy and Security

The OCPO should be viewed as a resource to the ONC grantee community, health care providers and the greater public. You can learn more by visiting us  the Privacy and Security page on HealthIT.gov.

We are all responsible for creating a culture where privacy and security are respected and valued. We are all in this together.

For more information on how health IT protects privacy and health information security, visit http://www.healthit.gov.