While there were many people and many inventions that contributed to its invention, it was IBM that coined the name “personal computer,” or PC, in 1981. That ended the days where users had identical “dumb” terminals connected to the “mothership” corporate computer center. Now users had individual control over the features of their individual workstations, including things like wallpaper and screensavers, as well as what programs could be loaded on them.
However, with all this local user control came a lot of downside. And today, more than ever, it represents risks and obligations for both users and management.
As a manager in a medical facility, you should be concerned about — and have formal policies to restrict — what your employees are able to do with their workstations, not only to comply with HIPAA Security, but to conform to IT best practices. And if you are a healthcare employee, you should be aware of the policies your facility may have that limit what you can and cannot do with your computer.
First, it is important to recognize that the Dell or HP or Lenovo or whatever brand of computing device sitting on your desk is not a PC — as in “personal” computer. It is a BC — a BUSINESS computer. It belongs to the business, and therefore the business has the say over how it can be used. Even if it was not purchased by the facility, such as a personally-owned laptop, if it accesses the facility’s network in any way, it is covered under the facility’s IT policies. This would also relate to a personally-owned workstation at home that utilizes a VPN to access the ASC or clinic IT system.
Are you a manager of a facility without any formal IT/internet policies? You are in serious violation of the HIPAA Security Rule.
And even absent any formal policies, a facility is still covered by the federal Electronic Communications Privacy Act, which gives U.S. employers the legal right to monitor all employee computer activity, including incoming, outgoing and internal e-mail messages and attachments, as well as Web surfing, uploads and downloads.
There have been episodes where businesses have faced liability — by virtue of their employees’ inappropriate computer activities — with such things as software piracy, child pornography, illegal gambling activity, hate crimes, death threats, stalking and harassment, copyright violation, anti-trust charges and corporate espionage.
What you and your employees do on your BCs can get you — and possibly your facility — into hot water.
Marion K. Jenkins, PhD, is founder and CEO of QSE Technologies, which provides IT consulting services for ASCs and other medical facilities nationwide. Learn more about QSE Technologies at www.qsetech.com.
