Relative to your specific question, client names shouldn't be displayed out in the open, but the answer to the
problem can be as easy as draping a curtain over the bookcase so the names are no longer visible to anyone walking by the work area in question.
My point here is not to minimize the importance of your issue, but to point out that there are usually multiple ways to solve any problem. More indicative of your environment is a general disdain for patient privacy. This seems to be more of a cultural issue (if I can make that assessment based on a one paragraph question).
The only way to change culture is by mandate and consistent enforcement of that mandate. The top executive would need to mandate that patient privacy is important. Someone will likely need to be terminated as a result of ignoring the mandate for the troops to really get the picture.
That is usually bad medicine, but until you were to get a significant fine (which is unlikely, given the current lack of HIPAA enforcement) or be sued by a client, nothing is likely to change without that mandate.
For more information:
Dig deeper on HIPAA
Related Q&A from Mike Rothman, Contributor
In the world of security certifications, what is the GISP and how alike is it to the CISSP? In this security management expert response, learn about ...continue reading
Depending on your enterprise, it may or may not be necessary to utilize a QSA. In this security management expert response, learn how to determine ...continue reading
When developing software securely, what role does gap analysis play? In this security management expert response, learn how to implement gap analysis...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.