As someone who is hoping to work with data closely in the future, I have been paying
particularly close attention to the way that my organization handles privacy
concerns. The most striking part of my orientation at UWMC was the cyber
security discussion in which it seemed that they almost had contempt for the
new employees. There were definite undertones of “please just do the
really simple stuff we tell you. We’re not asking for much” and yet resignation
that new staff wouldn’t heed any of those requests. Trying for a
scared-straight approach may work for some people but won’t work for everyone.
The people who are having to work with computers regularly understand the
risks but I still get the feeling that most staff, especially clinical, haven’t
fully registered the dangers of security breaches to the organization.

We are in the middle of changing over UWMC’s regulations with regards to who has access to
quality data, and there are numerous conversations going on about who
understands what to do with PHI. On the one hand, it would be nice to
give physicians more direct access to data that might be able to involve
clinical care but at the same time the more people who can open up or download
spreadsheets with PHI, the greater the chance that it slips out and costs the
organization millions of dollars. Is requiring a few hours of training
enough to safeguard the hospital? I have not been in the room for any of
those discussions but I’m sure there is a ton of hand wringing going on about
displaying that information where people other than analysts are the first
people to vet it.