HIPAA Security

I plan on making more comments here about HIPAA security, but one of the issues that I see around the various listservs surrounds how to gain compliance with users logging off of computers and not allowing others to use their logins. Well, when I worked for Texas Orthopedic Hospital, The Methodist Hospital System, Methodist Willowbrook Hospital and San Jacinto Methodist Hospital, we used a tactic called “Teapotting”.

Teapotting is best done anonymously, and is accomplished when an unsuspecting user leaves him or herself logged on to their workstation and they are nowhere to be found.  Just sit down and compose an email to your colleagues about how “you” are going to be bringing donuts tomorrow, or lunch on Friday is on you.  It only takes a couple of times for people to get the idea.


This post was written by Spencer on February 17, 2008

1 Comment so far

  1. DUMATEK May 12, 2008 11:52 am

    I’ve seen lots of this, but in fully practicing HIPAA Security, employees are made aware through training of what can happen to them in the event something like this happens. If someone is able to do a teapot joke, there is immediately a security breach and must be sanctioned, even if the best fix is company-wide training. Some employees are now trained to press CTRL+ALT+DELETE and lock their systems when leaving their workstations. They don’t do the 2 minute screensaver lock anymore just because they understand from a law standpoint what must be done to protect the CIA of patients’ information in electronic form. Hope they all become secure before the benefits from the efficiency of EDI become widely in place.

    DUMATEK
