Inadvertent though Serious Breach of Electronic Protected Health Information (ePHI) MOS Medical Record Review
MOS Medical Record Reviews
In spite of the many advantages offered by electronic medical records from the point of view of the indispensable medical chart review for medical litigation and other purposes, many experts question the security of the new EMR systems that are available. With Obamacare providing incentives to make the transition to electronic records, at least 78% of office-based physicians started using some type of EHR system in 2013, a significant increase from the 18% in 2001 as per CDS (Centers for Disease Control and Prevention) data. Lost or Stolen Computing Devices – a Major Cause of Breach A September 2, 2015 press release of the HHS announced the $750,000 settlement that Cancer Care paid for violating the HIPAA Act. The names, addresses, dates of birth, social security numbers, clinical information and insurance information of approximately 55,000 current and former Cancer Care patients were compromised after a laptop was stolen from an employee’s car. Cancer Care Group is a radiation oncology private physician practice that serves hospitals and clinics across Indiana. The 13-member physician practice will adopt a strong corrective action plan to address deficiencies in its current HIPAA compliance program. This incident supports the 2012 study findings by the Ponemon Institute that one of the top three causes of a breach are lost or stolen computing devices. The Office for Civil Rights (OCR) found that even before the breach, Cancer Care did not effectively comply with the HIPAA Security Rule.
They did not have in place a written policy as regards the removal of hardware and electronic media containing ePHI (electronic protected health information) into and out of its facilities despite the fact that this was common practice within the organization.
They had not performed an enterprise-wide risk analysis when the breach occurred in 2012.
www.mosmedicalrecordreview.com
800-670-2809
These were noted as grave issues that led to the breach. If they had a written policy in place, employees would have had proper directions as regards their responsibilities when removing devices that contain protected health information from the organization. A risk analysis would have helped them identify the removal of unencrypted backup media as a considerable risk to the organization’s electronic protected health information. Ensuring Confidentiality for PHI There are many ways in which protected health information can be inadvertently put at risk. Healthcare providers, pharmacists, patients’ social media updates, family members and so on are some of the places and people that have access to healthcare information. This sensitive data is accessed from cell phones, tablets and computers. At least 85% of U.S. adults are said to own a cell phone, one fifth of smartphone users have downloaded a health app, and half of smartphone users access health information from their mobile devices, as per the Office of the National Coordinator for Health Information Technology. It is vital that all who handle health information must be cautious about maintaining its confidentiality. Information can be kept safe by:
Creating a strong password and updating it frequently
Not sharing the password with anyone
Being wary before posting information about health issues on social media websites.
When the necessity arises for health information to be made accessible to many different people, you can’t expect it to be 100 percent secure. Attorneys handling huge volume medical records related to personal injury, mass tort and other cases for the purpose of medical record review have to be extra careful in this regard and have strong measures in place to safeguard the PHI entrusted to them.
www.mosmedicalrecordreview.com
800-670-2809