- By Julio
- With No Comments
- On 22 Jun | '2015
Are Your Patient Records Really Safe From a Security Breach?
Recent media coverage has alerted the nation to the dangers associated with security breaches. Unfortunately, some of the most vulnerable collectors of personal information have been slow to act to protect sensitive materials. Hospitals and doctor’s offices house thousands of records of personal information with little security. This lack of a deterrent leaves patients’ intimate lives exposed to whoever has an interest and opportunity.
Are medical records at risk?
Recent security breaches have hit hospitals and medical centers in New England, the South, and the Midwest. Further breaches are possible, even likely due to the condition of records security. Surprisingly, the most vulnerable records are old-fashioned paper documents. That isn’t to say that digital records cannot be accessed, but simply opening a file drawer and reading the contents of a folder is within arm’s length of everyone working on staff.
Who should and should not have access to patient records?
The obvious personnel of doctors and nurses should be able to view the complete file of a patient, but who else should have access? It comes down to what information is needed by whom. Billing clerks need to know what services have been provided in order to bill insurance correctly. This information should not include anything regarding a patient’s diagnosis, or health history.
An admissions clerk only needs basic facts to enter a patient into the computer system, and should not have access to sensitive information. The same can be said for workers who transport patients. Typically, most information should be given only on a need-to-know basis to ensure the strictest confidence of the patient is upheld.
Unfortunately, paper records are easily accessed by almost any member of a medical staff. Some may be merely curious or nosy, while others feel they have a right to the information. Even if a staff member knows a patient, is the patient in question, or is the relative of the patient, looking at a file is wrong. In fact, accessing medical records, and relating the information to others for financial gain is a crime. Violators can be fined, lose their license to practice (if applicable), or face, or serve time in jail.
What qualifies as a security breach?
Breaching security of confidential medical information of patients has often been intentional, but sometime it’s unclear. So, what is a violation of privacy? Obtaining or sharing private information about patients seems cut and dried, but there are many gray areas. A patient’s information can be breached in the following ways:
– Deliberately accessing files to gain information about a patient when it is not related to a medical case
– Medical staff discussing a patient’s personal information with friends or family
– Staff texting information about patients to anyone
– The release of information to a caller or visitor who has not been properly identified
– Allowing unauthorized visitors access to files or the area where files are stored
– Posting personal information about patients on social media or blogs
– Looking up the personal information of co-workers not related to the job
– Inadvertently sending patient information to the wrong e-mail address, fax number, or street address
– Photographing patients with a cell phone
Much of the above breaches of privacy can be attributed to unprofessional behavior. Even if the intent is not harmful, innocent, or misunderstood, any access to a patient’s personal information should be viewed as sacred. In fact, medical personnel take an oath to protect patients’ well-beings. This includes their privacy and health histories.
Tips to Keep Records Safe
Medical staff must keep in mind that a breach in security can mean loss of patients, fines, and a poor reputation. To avoid these costly mistakes, many actions can be taken. Mostly by using common sense, a breach can be largely avoided.
– Log off a computer when not in use, especially if the desk is not manned
– Properly dispose of patient paperwork and files in line with the medical facility’s policies and procedures
– Never discuss patients in public areas. Seek out a private area, close a door, and speak softly
– Be sure a patient has given written permission to discuss the patient’s information in front of visitors
– Do not discuss personal information with the patient in front of non-staff
– Never leave a patient’s files or paperwork sitting on a desk, table, or examination room unattended
– Do not give others passwords or login information that accesses patient files
– Never bring paperwork or files containing patient information home
– Double check fax numbers, and addresses before sending information to other medical offices
– Do not look up patient information unless it is necessary
– Never post patient information on social media, blogs, or chat rooms, even if the patient is a family member or friend
– Do not allow visitors access to areas where records or files on patients are kept
This content was provided by Neches FCU, an Equal Employment Opportunity Employer Credit Union.
Neches FCU is one of the top Texas credit unions and has a courteous and attentive team of professionals ready to service it’s wide base of members. When the doors open at any of the nine service outlets, our core objective of “Ultimate Member Satisfaction” becomes the sole focus for every representative. They are well-known for a personal, dynamic and upbeat work environment, providing a memorable service experience, and where clients are known personally. Neches FCU has approximately $438 Million in assets with over 45,000 members. Neches FCU is acknowledged by members and the business community as one of the top credit unions in Texas and an actively involved partner, helping our Family, Friends and Community!