In any company it is important to pay attention to the details. Understanding new legislation, developing compliant policies and responding to day-to-day questions and issues are enough to keep anyone busy for more than 40 hours each week.
Let’s look at the medical and healthcare profession specifically. HIPAA legislation and ensuing rules and regulations have been enacted to protect patients’ privacy, but you have to wonder whether the rules are really being followed when you read articles such as “28 Health Data Breaches in the Past 6 Months.”
Published on September 2, 2011, the article details 28 security breaches with a few notable ones including:
- A staff member at a VA Medical Center in Kentucky took his laptop, which contained the medical records of 1,900 patients, home without authorization.
- The physical medical and billing records of roughly 1,200 patients went missing during an office move at Fairview Health Services in Minneapolis.
- Southern California Medical-Legal Consultants unknowingly had medical files of almost 300,000 Californians unsecured on the internet.
While the causes of the breaches vary from carelessness to theft, when added together, this six-month period produced breaches that will potentially compromise the security of hundreds of thousands of innocent patients!
That is why it is so important for your company to uphold your security policies.
Here are a few best practices every healthcare provider should implement:
- Hire a director of compliance or legal counsel who can provide guidance and internal audits.
- Restrict or manage employees’ access to sensitive patient information.
- Designate an annual budget for security management systems.
- Train employees on current HIPAA legislation and perform audits to ensure it is followed.
- Develop strict security policies for any employee who uses a laptop or mobile device to access patient information.
- Destroy confidential paperwork, records and billing documents in a timely and secure manner.
With these common-sense guidelines in mind, you can implement policies and build a culture of trust that makes security everyone’s responsibility.