Reduce the risk of litigation and build confidence in data handling by becoming a privacy champion.
New employees attending orientation at Atlantic General Hospital in Berlin, Md., barely have time to gulp down their first cups of coffee before Jim Brannon begins talking about privacy.
The human resource chief at the 51-bed hospital serving the mostly rural population on Maryland’s Eastern Shore, Brannon begins a cautionary tale that hits home with his mostly female audience: At another small hospital a decade ago, he recalls, an irate patient called to complain that an employee had approached her in a group at church and congratulated her on being pregnant. The problem: The mother-to-be hadn’t told her friends and family.
“This is a small town. People talk, and they want to be caring,” Brannon told two dozen new employees last May. “But that doesn’t mean they don’t deserve privacy.”
State identity theft laws put even greater pressure on HR professionals to keep a close watch on employee records and other private data, says attorney Audrey Mross, head of the labor and employment law section at law firm Munck Carter in Dallas.
Most states require businesses to come clean following a breach. At least 43 states have laws requiring organizations to notify anyone whose personal information has been compromised and to pay for consumer-credit monitoring services in some instances, according to the National Conference of State Legislatures.