Everyone Please Respond 13

[shannanl]

I am over the computer department at a hospital. Our server room is the first office that you encounter when you come through the front door. Until today it was my policy to keep the server room door locked. The server room is also our office with a couple of workstations. If someone needed us they would just knock on the door or call, etc. Because we often display patient related information on those screens and just plain old good security I thought that was the best policy. I was told this morning that we must keep the door open if someone is in the office. I am sure that it was because of a nosy employee that wants to know what is going on. This really burns me because we do an outstanding job here and everyone knows it.

What is your opinion on this? At the least we will have to purchase privacy screens for the workstations and those are not cheap. I believe that the boss should have told the person to mind their own business and get back to work. What do you guys think?

Thanks in advance,

Shannan

 

[iownroot]

Not to mention, there's obviously some politics at work in this situation.

CISSP, MCT, MCSE2K/2K3, MCSA, CEH, Security+, Network+, CTT+, A+

 

[AndrewTait]

Try sending your letter to the board of directors, using signed for by addressee post/courier. This way, you have covered your back if the brown stuff hits the air recircualtion device.

If they have signed for the letters (which they will if they do not know who they are from, especially if sent to their home address. Human nature is such that curiosity will over ride the thought that it might be something bad.) then it is their neglegence if they have not read them, and something goes wrong. You will also have a record that you have notified them of this situation, and therefore can claim that it is not your butt on the line.

In the mean time, try and find another job, because it sounds like this is going to explode big time.

So often times it happens that we live our lives in chains
And we never even know we have the key

 

[dput]

STOP!!!!

If this really bothers you, go find another job! Do not try to force this situation. Best case is that you may get this overridden, but you are going to be labelled a major trouble maker and "not a team player". The management at this company will never trust you again. If you continue to pursue this and choose to leave, you will probably have a reputation through out the medical community in your area that will scare them from considering hiring you.

At this time, it appears that NO Patient Information privacy has been compromised. If you are diligent, none will be. Is this situation wrong, YES. But you won't solve it by sending letters to the board of directors. You are only going to ruin your reputation.

The reality is that no one should be sitting in the computer room. It will cause security problems and is not a good work environment if the room is being kept at the right temperature. It is noisy. And to be honest, your constant prescence in the room is not good for the equipment.

If paitent information had been comprimised, then you may be justified in going to all extremes.

There are small things you can do for now to protect the information and your organization for now.

Do not ever leave your PC logged on when you walk away. Always minimize the patient info when somebody approaches your desk. Make sure you have good off-site backups in place in case somebody walks in and tries to destroy the equipment.

Good luck!

Dan

 

[sstoppel]

Shannanl, based on your thread it sounds like the executives are trying to manufacture a thick coat of contrived "mistakes" to cover up some serious shenanigans.

First of all, document and record every correspondence. You may find yourself being the fall guy. Middle management usually faces the music while board and execs protect one another, and the little people fry.

About now, the execs will start spending money on consultants to show that they are "doing something about the problem" and rest assured that the finger of blame will point everywhere but up. Alternatively, they may decide to outsource the whole IT operation so that they can wash their hands of any wrongdoing. Either way you need to be looking for another job, pronto.