Patient privacy and the security of protected health information is a hot issue throughout healthcare from the primary physician’s office through diagnostic testing and including records of hospitalization. The Federal Government is urging health care workers to move to total electronic records and have initiated bonus money to encourage compliance. However, the move to electronic records presents the challenge of security.
Writing for the on line blog The Anesthesiology Insider, Tony Mira states:
“Collecting, analyzing, reporting and storing electronic patient information present perhaps even greater HIPAA challenges than does the use of paper records, however. Data entered on a computer can be copied more easily, more cheaply, more prolifically and even passively. Once unsecured data are moved from the computer on which they are created to other media, manually or wirelessly, controlling the information becomes nearly impossible. “
A recent case settled with the Phoenix Cardiac Surgery Center demonstrates the cost of not securing protected patient information. In this case, the center was fined $100,000 for their breach of security related to protected health information.
The Department of Health and Human Services Office of Civil Rights is actively investigating breaches of security related to protected health information. A recent post on procrna.com discussed the HHS/OCR pilot program to investigate 20 health care institutions looking specifically for breaches in security. Patients are being made aware of their rights to security of their records and the Office of Civil Rights has a web page with instructions for patients to file a complaint related to unsecured records.
As Chief CRNAs working in departments that either have automated record keeping or are moving in that direction, we must ask “where are the records stored and how are they secured?” Any breach of security can be costly.