5 STEPS TO PREVENT EMPLOYEE SNOOPING

Jean L. Eaton
Nov 5, 2021

Human curiosity, interpersonal conflicts, shaming, bullying or financial gains are common motivators for snooping.

Snooping causes a violation of trust between the patients and healthcare providers as well as the people who work for them. We seem to be hard-wired to want to peek into someone else’s personal and private information.

Every health care services provider wants their patients to trust them. They want patients to share their personal information so that the appropriate health services can be provided.

When healthcare providers snoop in a patient’s information, they destroy that trust with the patient. When a team member snoops, it harms the effectiveness of the team and damages morale.

What Is Snooping?

Snooping is looking at someone’s personal information without an authorized purpose to access that information to do your job.

Even when you are “just looking” at someone’s personal information but not sharing it with others, you are still breaching confidentiality. It is illegal. It is a privacy breach. It is snooping.

Snooping incidents are rising and can cost you time, money, heartache, and headache in your practice.

When there is an offence under the privacy legislation, there may be penalties. These can be investigations, charges, court appearances, fines, and even loss of employment.

The act of snooping is entirely preventable.

Let’s take a look at the proactive steps that you can take today to prevent employee snooping.

Step 1. Be A Privacy Champion

The first step is to be a privacy champion. Knowing the legal and regulatory obligations about privacy is very important. Understanding how they affect your health care practice and your patients is also important.

By default, in Alberta, the custodian or the health care provider is the privacy officer of the clinic. But the custodian can also name a “responsible affiliate” to be the privacy officer.

Role Of The Privacy Officer

When you identify a person in your organization to fulfil the role and responsibilities of a privacy officer, you have taken an important first step to prevent snooping and other privacy and security incidents.

The privacy officer should be in communication with both management and planning decision-makers and the front-line staff who collect, use, disclose and provide access to personal health information (PHI).

The responsibilities of a privacy officer include the following.

  • Accountability / Management

Ensure that the health information management policies and procedures are well developed and maintained as necessary.

  • Notice

Ensure that the clinic provides notices about its privacy policies and practices.

  • Consent

Ensure that the clinic obtains consent with respect to the disclosure of health information where required.

  • Collection

Ensure that the clinic only collects health information that is necessary to provide the health services and authorized uses.

  • Use, Retention and Disposal

Ensure that good safeguards are in place and that routine standards of practice and operating procedures for the proper use, retention and disposal of health information are compliant with legislation and implemented.

  • Disclosure

Ensure that health information is disclosed on an as needed basis and with the appropriate authorization.

  • Access

Ensure that individuals have the right to access their information that is in control or custody of the custodian.

  • Reasonable Safeguards

Ensure that the overall security and protection of health information under the control of the clinic is in place and is up to date.

  • Quality

Ensure that reasonable efforts are made so that the health information is accurate and complete.

  • Monitoring and Enforcement

Investigate promptly all instances of privacy complaints and breaches and take appropriate sanctions when necessary.

The privacy officer plays an important role in monitoring privacy compliance in your healthcare practice.

The privacy officer doesn’t need to know all the answers to everything. But they do need to actively listen for privacy questions and concerns, find the answers, and respond appropriately.

Being a privacy champion also means that you have privacy policies and procedures in your organization. The steps to collect, use, and disclose information and to ensure that patients have the right to access their personal information should be included in your policies and procedures. Written policies and procedures also improve efficiencies in your practice so that you don’t have to re-think and re-do on a regular basis.

When you build privacy into everything you do, you are a privacy champion!

If you need assistance with your health information privacy and security policies and procedures, check out these resources:

Policy and Procedure Checklist

Health Information Privacy and Security Policies and Procedures Manual Templates

Step 2. Train

Healthcare practices must provide privacy awareness training to all of their employees at their orientation. They should not rely on the assumption that the employees have learned about privacy awareness previously.

The new employee might be an experienced healthcare provider or a new grad. It might be that this is the first time they have worked in healthcare. Maybe they are not even doing a healthcare job but may see or hear PHI while they are at work. Still, they need to receive privacy awareness orientation at your organization. This will assure you that they have learned your practices and understand their responsibilities in your organization.

Orientation is important, but we must also train throughout the year. For example:

  • When an employee takes on new technology or new roles in their position in the organization, there should be specific training that includes privacy and security awareness about any new risks.
  • General reminders throughout the year like quizzes or contests can be fun. Sharing information that you received from Information Managers also helps to keep privacy and security top of mind throughout the year.
  • There are many unfortunate examples of privacy breaches that happen to other people. Learn from these news items so that you can prevent a similar incident in your organization.
  • Remember, you need to train patients, too. Take the time to explain to them how their information will be collected, used, and disclosed and explain who else may have access to their information.

You have an opportunity to demonstrate good safeguards of their private information when handing them a copy of their prescription, the consultant’s report or even their lab requisition with envelopes to keep their patient information safe and secure. Inform patients how they can access their own PHI and let them know that they can consult your privacy officer if they have concerns or complaints about how their PHI is being handled.

Step 3. Reasonable Safeguards

Implementing reasonable safeguards makes it easier for people to do the right thing and avoid the temptation of snooping.

There are three types of safeguards.

Administrative. Written policies, procedures, training, and oaths of confidentiality are examples of administrative safeguards.

Technical. This often includes security related to computers. For example, making sure that we have role-based access to systems and PHI supports the need-to-know principle. Computer networks and electronic medical record systems that have user management, audit logging, and enforced unique user IDs are other examples of technical safeguards. Technical safeguards also include phone systems, security cameras, and many more.

Physical. Restricting access to paper records, ensuring that documents are shredded appropriately, keeping the doors locked, and managing the keys so that duplicate keys are not made and keys are returned when employees leave the practice are examples of physical safeguards.

Step 4. Monitor

Knowing that your supervisor, co-worker, or privacy officer is observing your interactions with personal information may help to deter employees from snooping.

Monitor audit logs to search for unusual activity, or proactively review users who look up information on patients with the same last name or who access VIP records.
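One way to run the proactive review described above over an exported EMR audit log, as an added example that is not from the original article. The log columns, the VIP list and the care-team table are assumptions made for illustration; a flagged access is a prompt for the privacy officer to review, not proof of snooping.

```python
import csv
import io
from collections import defaultdict

# Constructed sample EMR audit log export (not from any real system).
SAMPLE_LOG = """timestamp,user_id,user_last_name,patient_id,patient_last_name,action
2021-11-01T09:02:11,u101,Nguyen,p5001,Martin,view_chart
2021-11-01T09:15:40,u102,Martin,p5001,Martin,view_chart
2021-11-01T12:31:05,u103,Okafor,p7777,Singh,view_labs
2021-11-02T08:47:19,u102,MARTIN,p5001,martin,view_labs
2021-11-02T10:05:53,u101,Nguyen,p7777,Singh,view_chart
2021-11-02T14:20:00,u103,Okafor,p6002,O'Kafor,view_chart
"""

VIP_PATIENTS = {"p7777"}         # hypothetical list kept by the privacy officer
CARE_TEAM = {("u101", "p7777")}  # hypothetical documented user-patient assignments


def normalize(name):
    """Compare surnames case-insensitively, ignoring spaces and punctuation."""
    return "".join(ch for ch in name.casefold() if ch.isalnum())


def flag_for_review(log_text, vip_patients=VIP_PATIENTS, care_team=CARE_TEAM):
    """Return {(user_id, patient_id): {"reasons": set, "count": int}} to review."""
    flagged = defaultdict(lambda: {"reasons": set(), "count": 0})
    for row in csv.DictReader(io.StringIO(log_text)):
        pair = (row["user_id"], row["patient_id"])
        if pair in care_team:
            continue  # documented need to know; not queued for review
        reasons = set()
        if normalize(row["user_last_name"]) == normalize(row["patient_last_name"]):
            reasons.add("same_last_name")
        if row["patient_id"] in vip_patients:
            reasons.add("vip_record")
        if reasons:
            flagged[pair]["reasons"] |= reasons
            flagged[pair]["count"] += 1  # repeat lookups raise review priority
    return dict(flagged)


if __name__ == "__main__":
    for (user, patient), hit in sorted(flag_for_review(SAMPLE_LOG).items()):
        print(user, patient, sorted(hit["reasons"]), hit["count"])
```

Shared surnames are common, so the same-last-name rule produces false positives; the access count per user and patient helps decide which flags to look at first.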

Conducting regular monthly privacy and security audits will help to ensure that privacy training is understood and implemented appropriately.

Get started with monthly privacy and security audits with these templates!

Listen to the podcast, How AI Improves EMR Auditing | Episode #094, to learn about an easy way to perform user monitoring and quickly recognize risks from external bad actors and employee snooping incidents!

Step 5. Consequences

Step 5 to prevent snooping incidents is having well documented and implemented consequences.

When proactive measures fail, consequences may be appropriate. The consequences need to be reasonable, consistent across all providers and employees, and fair to the circumstances.

Written sanctions and discipline policies are required both as a deterrent to snooping and to facilitate a quick response to privacy incidents.

Consequences may include a written warning, re-training, and reprimands or disciplinary action. They may include firing employees and providing mandatory privacy breach notification if employees are caught snooping.

Snooping is a privacy breach, and it will require investigation and reporting. Your written privacy breach policies, procedures and forms will help you to respond quickly to a snooping incident.

Not sure how to respond to a snooping privacy breach incident? Use the 4 Step Response Plan to prepare now.

5 STEPS TO PREVENT EMPLOYEE SNOOPING

When you take these 5 proactive steps to prevent employee snooping, you will continue to build a bond of trust with your patients and clients.

You will create common respect among your team members for the importance of privacy, confidentiality and security of personal information.

When everyone is working collaboratively, you build efficiencies in your practice and save time and money.

Be a privacy champion! And prevent employee snooping in your practice.

Need More Tips Like This?

Become a member of Practice Management Success! On-line tips, tools, templates and training to help you in your career and help you to start, grow, or fix the business of a healthcare practice.

www.PracticeManagementSuccess.ca

Say ‘No’ To Snooping!

Show your support by clapping this article and sharing!

Jean L. Eaton

Practical privacy compliance for your healthcare business. ❈Practical Privacy Coach ❈ Practice Management Mentor ❈ Health Information Management Professional ❈