What’s your staff doing to ensure the security of your patients’ health care records?
Under HIPAA, physicians and medical staffs have a responsibility to safeguard their patients’ confidential health data. As a communicator, you can help them do this by educating health care workers at all levels on the dangers of a breach—and how to avoid them.
As an article on the Healthcare Dive website reports:
Health data breaches are costing the U.S. healthcare industry an estimated $6.2 billion, according to the Ponemon Institute.
These breaches are costly for healthcare as it is among the heavily regulated industries that usually have a higher per capita cost of a data breach than the overall mean ($221), a 2016 Ponemon report shows. A stolen electronic health record (EHR) cost the average business $355 in 2016, a global analysis of data breaches adds.
At Henry Ford Health System in Detroit, according to the Healthcare IT News website, one hacker breached security and accessed the medical records of potentially more than 18,000 patients.
Similarly, St. Mark’s Surgery Center in Fort Myers, Florida, suffered a ransomware attack that netted data from more than 33,000 patients, including patient names, dates of birth, Social Security numbers and medical information.
This infographic notes that health care data is more valuable to crooks than Social Security and credit card information:
- It’s not easy to change.
- It can be used as the basis for insurance and credit fraud.
- It can be used to obtain illicit prescription drugs.
What’s the communicator’s responsibility in helping preserve patients’ privacy? You don’t have to be an IT expert. Remind staff that data security begins in the waiting room. This article from the HCPro website offers such advice as:
- Use a sign-in sheet with stickers for each patient. Have patients write their names on the stickers and bring them to the receptionist so other patients can’t read names on the sign-in sheet.
- Assign each patient a number instead of a name in any facility offering highly sensitive treatment, such as a fertility clinic.
The Allpoint Compliance Solutions website also points to some simple precautions. For example, staff shouldn’t leave patient charts on a desk where other patients can see them.
Another area to consider? Display screens. As the article notes:
Another all-too-common mistake that occurs in many doctors’ offices is the use of electronic displays to reveal patient information. Granted, it’s perfectly acceptable to display limited patient information on electronic displays, but revealing too much information could trigger a HIPAA violation. If a large computer monitor, for instance, is used to display patients’ names, birthdates, and reason for visiting, it’s a violation of HIPAA.
Communicators, how are you encouraging doctors and support staff to keep confidential material safe?