Many healthcare providers are doing just that: leaving important healthcare information open for anyone to take.
Just like locking your front door, you must protect your health information.
Every healthcare provider knows that there are rules governing the protection of health information, but not all healthcare providers actually follow them.
- Employees should only have access to protected health information (“PHI”) to the extent they need to do their job.
- Employees should only access or disclose the minimum necessary amount of information to someone who is asking for it.
- Employees do not need to insert digital media to copy PHI when their job does not require it.
But how many practices allow every employee to access all PHI in the entity’s EMR and billing software, without identification or supervision?
I can tell you, a lot.
LewisGale Regional Health System of Salem, Va. recently reported a multi-state data breach that affected 400 patients, 40 of whom were under LewisGale’s care. The breach occurred in LewisGale’s billing department as a result of a former employee accessing patient data between August 27, 2012 and April 23, 2013. Patient names, addresses, insurance information and Social Security Numbers were all potentially exposed as a result of the breach.
We can learn from this health system’s breach:
- If you are a healthcare provider or a business associate who works with healthcare providers, you need to recognize that the information you possess is important, and you need to treat the information with due respect;
- Healthcare providers and business associates must have internal user monitoring and audit trails to identify and stop inappropriate access to PHI;
- If an employee is terminated, healthcare providers and business associates need to recover all digital media and paper documents that contain protected health information.
If you think about your company as you read this post, do you really feel confident that you could identify if an employee was stealing your patients’ health information? Most entities would honestly say no.
Healthcare providers are held to a higher standard. They obtain individuals’ most sensitive information: social security numbers, addresses, dates of birth, telephone numbers, email addresses, credit card numbers.
To individuals with nefarious motives, healthcare providers are a gold mine of information: they obtain everything criminals need to steal an individual’s identity, obtain insurance proceeds, open credit card accounts, etc.
If you or your entity needs assistance with the intricacies of protecting and safeguarding health information, please do not hesitate to contact our office – we can help.