In 2015, there were over 112 patient health care breaches. These include instances where data and information was stolen, lost or disclosed inappropriately to individuals other than the patient. What’s more troubling is that four of the top six organizations involved happened within the purview of one of the top health insurers in the country.
Patient data loss can have severe ramifications for health providers. There are severe losses at stake in the war of protecting patient data. Stolen and lost patient data has been used for blackmail, identity theft and personal theft. Is your practice doing enough to protect patient data?
Tip to Toe Coverage
The first step in ensuring the security of patient data is to get everyone in the practice informed as to regulations and protocol. Education is the first line of defense against data breaches. Everyone from the front receptionist to the cleaning lady needs to be aware of the strict wall of confidentiality that must exist around the personal health records of patients.
EHR software was ushered in as a great technological tool to streamline and protect patient data. Unfortunately, what often happens is that the first office personnel are trained on the software from the software maker’s representatives, while personnel hired after the EHR system is implemented are trained by existing office personnel. This allows for quite a bit of misinformation and even gaps in learning. As time goes on, there is more and more chance that subsequent personnel won’t fully appreciate the security aspects involved in using an EHR system.
Instruction is the second line of defense around patient records. Whenever possible, support should be brought in from the EHR software firm to train new hires on the system. In addition, refresher courses on upgrades could be made available to older personnel.
Conversations between patients and doctors, and between patients and administrative personnel should take place in private areas. Open reception areas, cubicles and hallways are not appropriate to discuss things like insurance information updates, prescription refills, symptoms and worries. Closed-door patient waiting rooms are ideal for having these conversations, and they should be available enough so that doctors and staff can make use of them when privacy must be maintained. Since space is always a concern, one easy way to help achieve this is to have the patient reception room behind a closed door.
In many practices, patient data is stored off-site, on the cloud. While this is accepted practice, it does present another set of security issues. Medical practices have an added responsibility to make sure that their cloud patient data is safe. Make the investment to hire a specialized medical IT security team that can put safeguards and backups in place to protect that data. If the practice is attacked by a digital hacker, at the very least your practice will be able to show that it has done everything within its power to protect patient data.
When practices take exhaustive measures to protect the information and identity of patients, everyone wins. Patients will feel more secure knowing their information is being treated with discretion, which may encourage them to be more open about medical issues. Take steps today to upgrade the security around your practice’s patient records.