MUSCMedical LinksCharleston LinksArchivesMedical EducatorSpeakers BureauSeminars and EventsResearch StudiesResearch GrantsCatalyst PDF FileCommunity HappeningsCampus News

Return to Main Menu

ISO to head creation of hospital record policies

by Sharon Knowles
Information Security Officer 
All patients who come to the Medical University Hospital Authority for health care services have an expectation that their protected health information will be regarded with confidential integrity. MUHA employees are aggressively working to meet those expectations. 

Sharon Knowles

The Health Insurance Portability and Accountability Act (HIPAA) mandates that health care organizations create policies and procedures that ensure patient confidentiality is maintained as it relates to written, verbal, and electronic protected health information. 

MUHA is diligently working to become HIPAA compliant.

In response to the new federal laws, MUHA has established a HIPAA Steering Committee and the new position of Information Security Officer (ISO), which reports to the director of Health Information Systems. 

I became MUHA’s ISO in December. In this new role, I will be responsible for ensuring patient confidentiality is maintained concerning all patients, serving on many committees to ensure that MUHA is HIPAA compliant, and investigating inappropriate access of patients medical records. I previously worked for the South Carolina Department of Health and Environmental Control as the program monitor for South Carolina’s Ryan White HIV/AIDS Program. In that role, I was responsible for the monitoring of HIV/care and services consortia for program and fiscal compliance.

The HIPAA steering committee at MUHA has developed several committees and subcommittees to address the wide range of issues and concerns regarding access and movement of protected health information.  The hospital is in the process of developing additional policies concerning this act. Presently, staff receives training on patient confidentiality during orientation and compliance training. As policies and procedures are developed for HIPAA compliance, additional training will be provided to all staff.
 MUHA considers a breach in patient confidentiality a serious offense. 

Employees have received verbal and written warnings when they are found to be in violation of the MUHA policy. Furthermore, employees have been terminated when the violation of patient confidentiality has been for malicious gain. Consequences of violating these policies will be enforced. There have been few violations to date, due to MUHA employees becoming cognizant of the consequences of the violations.

Random audits will be conducted on MUSC employees who have been patients. These audits will be conducted to ensure that our own employees are treated with the standard of excellence that other patients receive. It is important that all patients who receive health care services at MUHA have full confidence that confidentiality will be maintained regardless of their employer.

These guidelines and policies will be consistent throughout MUHA.  The regulations have created a framework of federal laws that establish a standard for all health care organizations to follow. Before the present HIPAA regulations, laws were inconsistent and often vague. Now there will be consistency between covered health care organizations and what is expected of them concerning protected health information. It is vital that all patients at MUHA continue to receive quality health care services while being free from worrying if their protected health information is being shared with anyone who does not have the need to know. 

If you have any questions, you may contact me, Sharon Knowles, at 792-4037 or at knowles@musc.edu. The Health Information Security Office is located in the North Tower, 246E.