Culture of Privacy

By John Smolen

We recently had a new database developer join our team. He’s a talented guy with relevant experience and is fitting right in. Of course, as with all new employees, there is an onboarding period during which new hires learn how the organization operates and vice versa. This period is important in all organizations, but critical for any organization that works with Protected Health Information (PHI).

In his second week, I overheard a conversation in the kitchen between him and two of our senior team members about how to best de-identify a dataset containing PHI in order to evaluate a new tool.

They spent 20 minutes talking through the nitty-gritty options and tradeoffs…

  • Use an existing testing dataset, manufacture data, or de-identify an actual dataset?
  • If de-identifying, how best to scramble the patient identifier? Is swapping digits enough, or should it be fully randomized?
  • Strip out all the dates? What about stripping just the day but leaving the month and year?
  • What about ZIP codes? How many digits to drop?

The three of them hashed it out while they ate lunch, and referred to the printed copy of the HIPAA privacy rule that we keep on the kitchen wall.

The beauty of this conversation wasn’t in the details of the answer they arrived at, but in the conversation itself:

  • It confirmed that our onboarding processes and training paid off by causing this new hire to recognize he needed to stop and think about the data he was accessing.
  • It confirmed we had created a culture that embraces responsibility for patient privacy and a willingness to ask for support and to share knowledge with one another.

When you think about your own organization…

  • Do your new team members know about the privacy rule?
  • Does your team know where to go with questions about PHI?
  • Does your team have these conversations regularly?

For all the hackers and ransomware that lurk in the shadows of the internet, your greatest security and privacy risks are often your well-intentioned employees.

Call us. Consilink can help you identify and remediate your HIPAA risks, wherever they lie.
