Are You Prepared to Deal with Patient Information Breach?
‘The readily available sources for implementing security-rich technology platforms should not only make your search easier but also ensure Patient Privacy Compliance by safeguarding critical information against undesirable proliferation, and sharing information only at the behest of patients’
Although there have been sporadic incidents of patient privacy breach, the episode reported in a recent New York Times article (September 8th, 2011) – wherein Stanford Hospital and Clinics was quoted as saying that a spreadsheet of patient medical information, including names and diagnoses of more than 20,000 emergency room patients, was accidentally posted to a website, and remained posted for more than a year – shows how severe such a breach can be. Although most hospitals, clinics, and physician practices have a secure system in place to safeguard the privacy of patient information, technology vulnerability, along with human negligence, remains a major impediment to shielding patient privacy from undesirable proliferation.
Technology Vulnerability has many faces
- Insecure technology interface: Insecure technology is often the reason for breaches of patient privacy norms, as it carries intrinsic gaps in system security. Such insecure technology interfaces are commonly found in low-budget healthcare centers. Further, because technology is subject to perpetual innovation, your existing technology interface, despite being highly secure, can be shown to have security deficiencies by next-generation technology platforms.
- Fear of data hijacking: As most data centers are centralized, a single unauthorized access is enough to hijack your entire patient-centric data in a jiffy.
- Untrained staff: Sometimes internal staff are not fully trained and do not have the proper orientation to maintain patient information on technology-enabled platforms.
- Lack of responsibility: Coupled with a lack of proper training, an overtly compromising attitude on the part of your internal staff may sometimes be the reason for a breach of the privacy of patient information.
Irrespective of whether the violation is technical or human, HIPAA has a very strict regimen in place, under which both criminal penalties and monetary penalties (amended from $250,000 to $1.5 million through the recent HITECH Act) can be imposed on the violating institution and the individuals.
Apart from negative repercussions on the patients concerned, any breach in confidentiality – even one that seems minor – can spread mistrust and affect your credibility in the medical fraternity. Therefore, physicians/hospitals/multispecialty groups have a greater responsibility not only to safeguard their patients’ confidentiality, but also to keep their credibility unblemished. Alternatively, if constrained by limited resources, they can apprise their patients of their limitations in patient privacy practice, to avoid facing embarrassment subsequently.
Although HIPAA has authorized covered entities, under certain exceptional circumstances, to release protected health information without authorization only to facilitate treatment, payment or health care operations, physicians are usually prohibited from disseminating patient-centric information that can have emotional, personal, social, financial, and ethical repercussions. Thus, the onus is substantially on the physicians/clinics/hospitals/multispecialty groups to safeguard their patients’ confidentiality.
Given the unimpressive success rate of internally implemented patient privacy regimes, it is advisable that physicians consult proven sources that have competencies in installing secure technology interfaces and in properly orienting your staff to the requisite operations – which is likely to result in best practices in Patient Privacy as mandated by HIPAA, and to make the transition to the ensuing HIPAA 5010 easier.
The readily available sources for implementing security-rich technology platforms should not only make your search easier but also ensure Patient Privacy Compliance by safeguarding critical information against undesirable proliferation, and sharing information only at the behest of patients.
Medicalbillersandcoders.com has a unique approach – a combination of implementing security-rich technology platforms with prior orientation of your in-house staff on operational and administrative issues – that can mitigate the probability of embarrassment emanating from an undesirable breach of patient privacy.