A quick online search for “Healthcare Data Breach” will reveal over 100,000 listings that discuss breaches. A similar search for “fines for healthcare data breach” reveals almost as many listings. The unauthorized access to or viewing of a patient medical record is not only illegal; it can be very costly for the facility entrusted with that patient information. Proper training in patient confidentiality, data integrity and security, as well as in the rights and responsibilities of those who have access to the patient record, is the best line of defense against improper handling of Protected Health Information (PHI).
Even after proper training, according to an article in Fierce Healthcare, 59% of these breaches originate from within the organization. Additionally, the article shares, “The healthcare industry is the only sector to show a greater number of insider attacks than external.” While some may argue the use of the Electronic Medical Record (EMR) has given rise to the ease of access to and misuse of confidential patient information, it has also given us the ability to track who has looked at the patient record.
In my 17 years as a Medical Transcriptionist/Application Specialist, I recall the days of paper charts sitting in the cart behind the nursing station, or on the countertop, or inadvertently left in the patient’s room, or in the Radiology department, or on the stretcher, their integrity protected by staff presence only.
Data breaches of PHI, inadvertent or not, have been around for a long time. Ideally, staff within hospitals and other medical facilities will not access records unless they have a specific reason to do so. With the introduction of the Health Insurance Portability and Accountability Act (HIPAA) in 1996, it became an important focus for hospitals and healthcare facilities to ensure they are taking all precautions possible to protect patient health records and information. The fines for violating HIPAA are high and can be detrimental to hospitals. With the recent onset of cybersecurity attacks on hospitals, proper handling of PHI is vital to keeping patients and hospitals protected. Fortunately, facilities have moved past paper charting and can now use technological advances to help safeguard such information.
Our solutions are developed to reinforce facilities’ guidelines and protocols to protect patient information. For example, when a user attempts to access a specific patient record, the Picis “VIP” notification displays a pop-up window that the user must acknowledge by clicking either OK or Cancel, giving him or her a chance to “back away” from making a serious (and potentially costly) legal error. Additionally, the audit trail allows the hospital to determine who has accessed specific patient records when necessary, which helps keep track of who viewed the patient file in case issues arise.
Prior to this technology, locking up a VIP chart and logging the names of anyone who accessed it was a cumbersome manual process. The benefits of this technology are twofold: hospital employees who truly need access to a chart to care for a patient can easily gain that access, while those who are not involved in the patient’s care are warned that they are about to open a VIP chart and their activity is tracked.
Take a look at your system and see what can be done to protect patient privacy and keep everyone safe!
About the author
Sonia Nagel, Vice President, Professional Services
During her time at Picis, Sonia has had the pleasure of working with many clients and colleagues to improve project management processes and client experiences. Sonia comes from a hospital background and has more than 20 years of experience in health information technology, the last 12 of which have been devoted to application support, implementation and client success.