Protecting medical data starts in your own facility

Hackers are increasingly targeting patients’ confidential information. Keep staff members up to date on how they can quell the danger of a breach.

What’s your staff doing to ensure the security of your patients’ health care records?

Under HIPAA, physicians and medical staffs have a responsibility to safeguard their patients’ confidential health data. As a communicator, you can help them do this by educating health care workers at all levels on the dangers of a breach—and how to avoid them.

The threat

As an article on the Healthcare Dive website reports:

Health data breaches are costing the U.S. healthcare industry an estimated $6.2 billion, according to the Ponemon Institute.

These breaches are costly for healthcare as it is among the heavily regulated industries that usually have a higher per capita cost of a data breach than the overall mean ($221), a 2016 Ponemon report shows. A stolen electronic health record (EHR) cost the average business $355 in 2016, a global analysis of data breaches adds.

At Henry Ford Health System in Detroit, according to the Healthcare IT News website, one hacker breached security and accessed the medical records of potentially more than 18,000 patients.

Similarly, St. Mark’s Surgery Center in Fort Myers, Florida, suffered a ransomware attack that netted data from more than 33,000 patients, including patient names, dates of birth, Social Security numbers and medical information.

This infographic notes that health care data is more valuable to crooks than Social Security and credit card information:

  • It’s not easy to change.
  • It can be used as the basis for insurance and credit fraud.
  • It can be used to obtain illicit prescription drugs.

Your role

What’s the communicator’s responsibility in helping preserve patients’ privacy? You don’t have to be an IT expert. Remind staff that data security begins in the waiting room. This article from the HCPro website offers such advice as:

  • Use a sign-in sheet with stickers for each patient. Have patients write their names on the stickers and bring them to the receptionist so other patients can’t read names on the sign-in sheet.
  • Assign each patient a number instead of a name in any facility offering highly sensitive treatment, such as a fertility clinic.

The Allpoint Compliance Solutions website also points to some simple precautions. For example, staff shouldn’t leave patient charts on a desk where other patients can see them.

Another area to consider? Display screens. As the article notes:

Another all-too-common mistake that occurs in many doctors’ offices is the use of electronic displays to reveal patient information. Granted, it’s perfectly acceptable to display limited patient information on electronic displays, but revealing too much information could trigger a HIPAA violation. If a large computer monitor, for instance, is used to display patients’ names, birthdates, and reason for visiting, it’s a violation of HIPAA.

Communicators, how are you encouraging doctors and support staff to keep confidential material safe?
