A quick online search for “Healthcare Data Breach” will reveal over 100,000 listings that discuss breaches. A similar search for “fines for healthcare data breach” reveals almost as many listings. The unauthorized access to or viewing of a patient medical record is not only illegal; it can be very costly for the facility entrusted with that patient information. Proper training in patient confidentiality, data integrity and security, as well as the rights and responsibilities of those who have access to the patient record, is the best line of defense against improper handling of Protected Health Information (PHI).
Even after proper training, according to an article in Fierce Healthcare, 59% of these breaches originate from within the organization. Additionally, the article shares, “The healthcare industry is the only sector to show a greater number of insider attacks than external.” While some may argue the use of the Electronic Medical Record (EMR) has given rise to the ease of access to and misuse of confidential patient information, it has also given us the ability to track who has looked at the patient record.
In my 17 years as a Medical Transcriptionist/Application Specialist, I recall the days of paper charts sitting in the cart behind the nursing station, or on the countertop, or inadvertently left in the patient’s room, or in the Radiology department, or on the stretcher. Their integrity was protected by staff presence only.
Data breaches of PHI, inadvertent or not, have been around for a long time. Ideally, staff within hospitals and other medical facilities will not access records unless they have a specific reason to do so. With the introduction of the Health Insurance Portability and Accountability Act (HIPAA) in 1996, it became an important focus for hospitals and healthcare facilities to ensure they are taking all precautions possible to protect patient health records and information. The fines for violating HIPAA are high and can be detrimental to hospitals. With the recent onset of cybersecurity attacks on hospitals, it is vital to handle PHI properly so that patients and hospitals are protected. Fortunately, facilities have moved past paper charting and now can utilize technological advances to help safeguard such information.
Our solutions are developed to reinforce facilities’ guidelines and protocols to protect patient information. For example, by means of a pop-up window that the user must acknowledge by clicking either OK or Cancel, the Picis “VIP” notification gives the user a chance to “back away” from making a serious legal error (and a potentially costly one) when s/he attempts to access a specific patient record. Additionally, the audit trail allows the hospital to determine who has accessed specific patient records when necessary, which helps keep track of who viewed the patient file in case issues arise.
Prior to this technology, locking up a VIP chart and logging the names of anyone who accessed it was a cumbersome manual process. The benefits of this technology are twofold: hospital employees who truly need access to a chart to care for a patient can easily gain that access, while those who are not involved in the patient’s care are warned that they are about to open a VIP chart and their activity is tracked.
Take a look at your system and see what can be done to protect patient privacy and keep everyone safe!
About the Author
Sonia Nagel, Vice President, Professional Services
During her time at Picis, Sonia has enjoyed working with numerous customers and coworkers to improve project management processes and customer experiences. Sonia comes to us with a hospital background and brings with her more than 20 years of Health Information Technology experience, the last 12 of which were spent focused on Application Support, Implementation and Customer Success.