Most every day it seems a new report emerges about an organization that has been compromised. Big names such as Equifax, Neiman Marcus, Target and Home Depot have all made the dreaded announcement of a data breach and even a local Dunkin Donuts franchise in announced that their patron’s information had been inappropriately accessed. The healthcare community is not immune. In 2015, Anthem announced one of the largest breaches on record, impacting 78.8 million individuals. Through mid-November of this year, 274 breaches impacting 500 or more records are under investigation according to the Health and Human Services (HHS) website.
Making sure the definition is clear, breach is defined by Health and Human services as an impermissible use or disclosure under the Privacy Rule that compromises the security or privacy of the protected health information.
Examples of breaches include:
One of the challenges related to breaches in healthcare is that workers may not be aware of the significance of a data breach. Workers seem to understand that inappropriate sharing of a sensitive diagnosis, such as cancer or HIV, is not allowable and accessing health information for curiosity will lead to discipline. However, a data breach can easily lead to the risk of both medical and financial identity theft. Information included in most health records may be used against the patient if obtained by criminals.
Protection of patient information, especially information stored electronically (ePHI) is imperative. While focusing on protection of health information stored electronically is important, entities must also be diligent in protecting any patient information that is included in any type of hard copy format, such as financial information, copies of hard copy medical records and hard copy radiographs.
When thinking about the protection of patient information don’t forget information shared with business associates. A business associate is a person or entity, other than workforce members of a covered entity, who is provided or allowed access to protected health information (PHI) in order to perform a function or activity for the covered entity. It is critical for covered entities to ensure that PHI is protected in any business associate relationship. A written agreement, referred to as a Business Associate Agreement, is required. In addition to the form, ask your business associate how they protect any information provided to them. The reality is that if a breach such as the data breach of 2 million patient records reported by a large healthcare organization recently, occurs on the business associate’s watch, the covered entity is ultimately responsible for the communication of the breach.
A key element in a strong HIPAA compliance program is the protection of health information. It must be kept confidential and available, so the integrity of the information is intact. Consider the following strategies to protect patient information in hard copy and electronic format.
Are you comfortable that your business is well positioned to prevent a breach of protected health information? About that four-letter word? STOP comes to mind! By implementing the strategies listed above it is possible to STOP many breach events.
Total Medical Compliance
6124 Creft Circle
Indian Trail, NC 28079
Phone: (888) 862-6742
Fax: (866) 875-3809
©2023 Total Medical Compliance
Total Medical Compliance
6124 Creft Circle
Indian Trail, NC 28079
(888) 862-6742
Fax (866) 875-3809
©2022 Total Medical Compliance
