What’s your staff doing to ensure the security of your patients’ health
care records?
Under HIPAA, physicians and medical staffs have a responsibility to
safeguard their patients’ confidential health data. As a communicator, you
can help them do this by educating health care workers at all levels on the
dangers of a breach—and how to avoid them.
The threat
As an article on the Healthcare Dive website reports:
Health data breaches are costing the U.S. healthcare industry an estimated
$6.2 billion, according to the Ponemon Institute.
These breaches are costly for healthcare as it is among the heavily
regulated industries that usually have a higher per capita cost of a data
breach than the overall mean ($221), a 2016 Ponemon report shows. A stolen
electronic health record (EHR) cost the average business $355 in 2016, a
global analysis of data breaches adds.
At Henry Ford Health System in Detroit, according to the Healthcare IT News
website, one hacker breached security and accessed the medical records of
potentially more than 18,000 patients.
Similarly, St. Mark’s Surgery Center in Fort Myers, Florida, suffered a
ransomware attack that netted data from more than 33,000 patients,
including patient names, dates of birth, Social Security numbers and
medical information.
This infographic notes that health care data is more valuable to crooks
than Social Security and credit card information:
· It can be used as the basis for insurance and credit fraud.
· It can be used to obtain illicit prescription drugs.
Your role
What’s the communicator’s responsibility in helping preserve patients’
privacy? You don’t have to be an IT expert. Remind staff that data security
begins in the waiting room. This article from the HCPro website offers such
advice as:
- Use a sign-in sheet with stickers for each patient. Have patients write
  their names on the stickers and bring them to the receptionist so other
  patients can’t read names on the sign-in sheet.
- Assign each patient a number instead of a name in any facility offering
  highly sensitive treatment, such as a fertility clinic.
The Allpoint Compliance Solutions website also points to some simple
precautions.
For example, staff shouldn’t leave patient charts on a desk where other
patients can see them.
Another area to consider? Display screens. As the article notes:
Another all-too-common mistake that occurs in many doctors' offices is the
use of electronic displays to reveal patient information. Granted, it's
perfectly acceptable to display limited patient information on electronic
displays, but revealing too much information could trigger a HIPAA
violation. If a large computer monitor, for instance, is used to display
patients' names, birthdates, and reason for visiting, it's a violation of
HIPAA.
Communicators, how are you encouraging doctors and support staff to keep
confidential material safe?