Paying Attention to the Small Stuff
That's largely because the HITECH Act set tougher penalties for violations of the HIPAA security and privacy rules and ramped up enforcement.
But sometimes, even the best technology in the world won't prevent a privacy violation.
"What happens in a lot of practices is that the staff becomes like family to some of the patients, and so the staff forgets that sharing health information is very important business."
In a recent interview, Rosemarie Nelson, principal at MGMA Consulting Group, Englewood, Colo., offered examples of bad habits at physician group practices that can lead to serious breaches of confidentiality.
She noted that staff members at some practices talk too casually about patients' conditions in front of other patients. "What happens in a lot of practices is that the staff becomes like family to some of the patients, and so the staff forgets that sharing health information is very important business," she said.
Surely we've all experienced similar circumstances. How many times, for example, have you walked into a doctor's office and been asked, quite loudly, to state the reason for your visit? That's not very conducive to keeping your information private.
Things can get even worse at the corner drugstore, where those waiting in line for a prescription can easily overhear the pharmacist informing another customer about the side-effects of an anti-depressant.
During a recent visit to a small group practice, Nelson said she discovered an open door to the closet where a server was stored. "When I asked why the door was open, they said the server would get too hot if the door was closed," she realled. "But the door should be locked with access controlled."
The bottom line? It pays to sweat the small stuff. And that means reminding staff frequently about how to ensure patients' privacy. Ongoing training is essential to carrying out any data security policy, Nelson and other experts stress.
And when it comes to training, Dan Rode of the American Health Information Management Association points out that those efforts must go beyond employees. "The workforce includes volunteers that work in the institution, physicians who work there but may not be employed by the organization, as well as all of the employees," Rode stresses.
How is your organization tackling the training challenge?