Breaches in Healthcare: Proactively Protect PHI

A quick online search for “Healthcare Data Breach” will reveal over 100,000 listings that discuss breaches. A similar search for “fines for healthcare data breach” reveals almost as many listings. The unauthorized access to or viewing of a patient medical record is not only illegal; it can be very costly for the facility entrusted with that patient information. Proper training in patient confidentiality, data integrity and security, as well as the rights and responsibilities of those who have access to the patient record, is the best line of defense against improper handling of Protected Health Information (PHI).

Even after proper training, according to an article in Fierce Healthcare, 59% of these breaches originate from within the organization. Additionally, the article shares, “The healthcare industry is the only sector to show a greater number of insider attacks than external.” While some may argue the use of the Electronic Medical Record (EMR) has given rise to the ease of access to and misuse of confidential patient information, it has also given us the ability to track who has looked at the patient record.

In my 17 years as a Medical Transcriptionist/Application Specialist, I recall the days of paper charts sitting in the cart behind the nursing station, or on the countertop, or inadvertently left in the patient’s room, or in the Radiology department, or on the stretcher. Their integrity was protected by staff presence only.

Data breaches of PHI, inadvertent or not, have been around for a long time. Ideally, staff within hospitals and other medical facilities will not access records unless they have a specific reason to do so. With the introduction of the Health Insurance Portability and Accountability Act (HIPAA) in 1996, it became an important focus for hospitals and healthcare facilities to ensure they are taking all precautions possible to protect patient health records and information. The fines for violating HIPAA are high and can be detrimental to hospitals. With the recent onset of cybersecurity attacks on hospitals, proper handling of PHI is vital to ensure patients and hospitals are protected. Fortunately, facilities have moved past paper charting and can now use technological advances to help safeguard such information.

Our solutions are developed to reinforce facilities' guidelines and protocols for protecting patient information. For example, the Picis “VIP” notification is a pop-up window that the user must acknowledge by clicking either OK or Cancel; it gives the user a chance to “back away” from making a serious legal error (and a potentially costly one) when s/he attempts to access a specific patient record. Additionally, the audit trail allows the hospital to determine who has accessed specific patient records when necessary, which helps keep track of who viewed the patient file in case issues arise.

Prior to this technology, locking up a VIP chart and logging the names of anyone who accessed it was a cumbersome manual process. The benefits of this technology are two-fold: hospital employees who truly need access to a chart to care for a patient can easily gain that access, while those who are not involved in the patient’s care are warned that they are about to open a VIP chart and their activity is tracked.

Take a look at your system and see what can be done to protect patient privacy and keep everyone safe!

About the author

Sonia Nagel, Vice President, Professional Services

During her time at Picis, Sonia enjoyed working with numerous customers and coworkers to improve project management processes and customer experiences. Sonia comes to us with hospital experience and brings with her more than 20 years of experience in health information technology, the last 12 of which she devoted to application support, implementation and customer success.

In addition to her experience, she holds a Bachelor of Science in Information Systems Technologies, a PMP (Project Management Professional), an RHIT (Health Information Technician registered by AHIMA) and a CHTS (Health Technology Implementation Support Specialist certified by AHIMA).

Sonia believes that every day offers the opportunity to learn and grow both personally and professionally, and she appreciates everything she learns from her customers and coworkers. When Sonia is not at work, she is often out running, cycling or walking with her family and friends.