You Protect Their Health, but Do You Protect Their Patient Information?
As a medical professional or support staff in a medical facility, the words “do no harm” should be familiar. When caring for a patient’s health, it should be second nature, but what about when it comes to a patient’s privacy or financial wellbeing? Unfortunately, in this day and age of identity theft, insurance fraud and other types of security breaches, patient information is valuable and vulnerable and requires the same diligence to protect as their physical health.
“Too often, unauthorized people succeed in extracting protected information from health care providers. Invasion of privacy [is] when anyone seeks health information the patient has not chosen to share. More often, though, scam artists seek patients’ billing information for financial gain. The patient’s insurance identifier is then used by an uninsured person to obtain medical services or by a fraudulent health care provider to bill for medical services that were never rendered,” an article in The New England Journal of Medicine explains.
“Data security breaches and medical identity theft are growing concerns, with thousands of cases reported each year. The Centers for Medicare and Medicaid Services (CMS) tracks nearly 300,000 compromised Medicare-beneficiary numbers. The Office for Civil Rights has received more than 77,000 complaints regarding breaches of health information privacy and completed more than 27,000 investigations, which have resulted in more than 18,000 corrective actions,” according to the same article. To prevent your medical facility from falling prey to these types of security breaches and scams, you must be proactive in employing security measures that will protect patient information.
Laws and regulations, such as HIPAA, set the standard for protecting patient information, but attention and care must be given to carrying them out. Patient information is vulnerable whether it is on paper or on a screen. There are many practical ways you can ensure that you are following the standards set in place by vigilantly protecting your patients’ personal health information.
The Patient Navigator Training Collaborative offers examples of how to keep PHI secure:
- If PHI is in a place where patients or others can see it, cover or move it
- If you work with PHI on your desk or on a computer, make sure no one can walk up behind you without knowing it
- When PHI is not in use, store it in a locking office or a locking file cabinet
- Remove documents from faxes and copiers as soon as you can
- Do not talk about patients where others can hear you or in public areas
- Close your office door when talking to patients
- Do not take files or documents PHI out of the office or clinic
- Shred PHI when documents or files are no longer needed
- When PHI is stored on a computer or storage device, use passwords, anti-virus software, data backups, and encryption
These are just examples of how to protect patient information. Employee training may need to be done, document management policies may need to be put in place and you may need to enlist the help of a secure document shredding service provider to make sure that you are not only in compliance with HIPAA laws, but making every effort to protect your patients. To get a free quote for secure shredding services, contact Secure Destruction today.