Many healthcare providers are doing just that. Healthcare providers are leaving important healthcare information open for anyone to take.
Just like locking your front door, you must protect your health information.
We can help your practice get up to date and prepared to minimize breach risks from third-party vendors.
Every healthcare provider knows that there are rules governing the protection of health information, but not all healthcare providers actually follow them.
- Employees should only have access to protected health information (“PHI”) to the extent they need to do their job.
- Employees should only access or disclose the minimum necessary amount of information to someone who is asking for it.
- Employees do not need to insert digital media to copy PHI when their job does not require it.
But how many practices allow every employee to access all PHI in the entity’s EMR and billing software, without identification or supervision?
Too many.
Earlier this year, Nuance Communications experienced a breach of PHI for over 45,000 patients when a former employee accessed some of the company’s software without authorization. It is likely that the former employee simply did not have his or her access to that data-storing platform revoked upon termination.
We can learn from Nuance’s breach:
- If you are a healthcare provider or a business associate who works with healthcare providers, you need to recognize that the information you possess is important, and you need to treat the information with due respect;
- Healthcare providers and business associates must have internal user monitoring and audit trails to identify and stop inappropriate access to PHI;
- If an employee is terminated, healthcare providers and business associates need to recover all digital media and paper documents that contain protected health information.
Do you feel confident that you could identify if an employee was stealing your patients’ health information? Most entities would honestly say no.
Healthcare providers are held to a higher standard. They obtain individuals’ most sensitive information: social security numbers, addresses, dates of birth, telephone numbers, email addresses, credit card numbers.
To individuals with nefarious motives, healthcare providers are a gold mine of information: they obtain everything criminals need to steal an individual’s identity, obtain insurance proceeds, open credit card accounts, etc.
If you or your entity needs assistance with the intricacies of protecting and safeguarding health information, please do not hesitate to contact our office – we can help.