At the Frontline: Memorial Hermann security chief Joseph Bellino

Bellino discusses how he’s helping keep Texas' largest healthcare system safe

SIW: How have hospital security measures evolved as it relates to protecting against kidnappings in their birth units?

Bellino: I think I can speak for my colleagues nationwide and internationally, we've done a really good job hardening hospitals and making it difficult and that's why we are better at catching these people and when it does happen of recovering the infant very quickly. I think what we need to do is when mom and dad go home, give them the information needed so that when they get home they can protect them because we know that people will prey upon newborn parents, not necessarily abductions, but there are all types of scams and things of that nature. We have had some abductions that have occurred at the home after they've left the hospital. I think it's important that we tell people 'this is what you need to do, here are some best practices to protect your baby after you leave our hospital.' For instance, I don't advocate publishing the birth whenever we can, I mean the hospitals continue to do that but when you get home don't put the stork on your front lawn. Make sure you vet people that call.

We here at Memorial Hermann have been doing a lot of work around infant security and standardizing our infant protection throughout our hospitals so that we have good, reliable systems in place and good, reliable training of our staff. I think there was recognition that electronics aren't the be all and end all with infant protection and that the best defense is the staff. We need to train not only the maternity and women's center staff that are in the birthing centers, but train the whole team so that when an abduction occurs, everyone in the hospital has an understanding of what their role is and what they're supposed to do to help retrieve the baby and/or prevent the baby from leaving the campus. I think sharing of information is important too. We share a lot of information in the Houston area. The hospitals are pretty close. We do a good job of sharing information amongst ourselves in a way that doesn't violate PHI or branding or any of that kind of stuff because it gets to be competitive, but there comes a point where we have to take care of each other regardless of our brand.

SIW: There have been a number of security breaches as it relates to the unauthorized access of patient data at healthcare facilities in recent years. What are some of the biggest challenges in protecting this information and where do you think the industry can improve?

Bellino: I think that goes back to education quite honestly. We have logins to our computers and time outs and all that other type of stuff, but again when we do have breaches its usually human error. Someone lays a chart down inadvertently; they get busy, because we are very busy and very schizophrenic at times. You just can't do that stuff anymore. You've got to be very conscious of it. We for instance, we had a very high-profile VIP at our organization and we had team meetings and we stressed to our staff how important it was to protect this VIP and we had the VIP for five months and there were no breaches. Again, you can instill some pride and sense of ownership in your team and you can do that by training where they don't want to violate that person's confidentiality.

I think its cultural and building that corporate culture. I think it took a while, but I think people are catching on. Vetting you third-party vendors that may be doing billing for you that's very, very important because it's our vendor, if they breach PHI we're still liable for it. It's making sure that everybody in your system, everybody that touches that medical record, whether it's a vendor, a billing office or whoever, that everybody is on the same team with the understanding that our main goal is to protect that information at all costs. We also do a good job of securing our medical records using security systems, card access, etc., which provides a good audit trail when you need to do audits of who access a medical record file room. Is it 100 percent fail safe? No, but it's better than having nothing.