Technology, Data Security, and the Wall of Shame

A Surprising Statistic
A recent blog article on the Modern Healthcare web site states that 12.1% of the U.S. population has had their protected health information (PHI) compromised in data breaches. That amounts to approximately 1 in 8 Americans that have been affected.

With assurances of doctor-patient confidentiality, notice of HIPAA practices at the doctor’s office, and the need to sign a release form to get one’s own medical records, this is a staggering number, and it’s a tough pill to swallow.

More clinicians are using portable devices such as laptops, tablets, and even Google Glass in an effort to better coordinate care and increase provider productivity. As a result, patients’ medical information is no longer contained just within the medical records room but is transported in and out of the office and even maintained on the cloud. While there are many benefits to the implementation of these technologies, the opportunity for data to be misplaced or stolen is increased.

What is The Wall of Shame?
The Office for Civil Rights (OCR) within the Department of Health and Human Services (HHS) is the watchdog for compliance with the HIPAA Privacy and Security Rules. The OCR Secretary must publicly post any data breaches affecting more than 500 patients, and that data can be found in a searchable database on the OCR site.  Many in the industry refer to this as the Wall of Shame.

When the Health Information Technology for Economic and Clinical Health Act, or HITECH, went into effect in February 2010, it strengthened the existing Privacy and Security Rules under HIPAA.  One key change made was that business associates of covered entities are now equally responsible for complying with these rules and are subject to the same fines and penalties.  Medical transcription companies, healthcare documentation specialists working as independent contractors, or any vendor or third party working with protected health information are examples of business associates.

Data breaches may take many forms. Laptops containing PHI are stolen or accidentally left behind; electronic protected health information (ePHI) on an organization’s server becomes available on Internet search engines due to changes in server configuration; ePHI stored on a photocopier hard drive is not erased when the equipment is returned to the leasing company. This represents just a few of the many scenarios reported on the HHS web site.

There has been a steady increase in the number of breaches on ‘the wall.’  For example, in 2004, there were 2 incidents posted in the HHS database; in 2013 that number soared to 242. This year already shows more than 100 reported breaches. Again, these are breaches where PHI for more than 500 individuals is involved. As one might expect, there is a noticeable jump in reported cases in 2010, after HITECH went into effect, incorporating not just covered entities but business associates as well.

The advancement of technology in healthcare documentation has the potential to improve the coordination of patient care and improve productivity for providers; however, with the increased number of avenues where information may be breached, we must be ever vigilant to protect that data.

Want to learn more?  Join us for AHDPG’s free online HIPAA training. This training is an Association for Healthcare Documentation Integrity (AHDI) Preapproved Activity for 2 CEC (Medicolegal).

Scribe Integrity

Found this controversial article from an unnamed Scribe that really stirred some inward emotions as a nurse, MT and Scribe instructor. Although I understand the whole wanting to please your boss (the physician) and the the hospital, I think the bigger picture is being missed here in the article. Scribes are suppose to save time for doctors so doctors can in turn do a better job because they have a little more time. No, there is still not an abundance of time. There never is in health care.  Scribes should not be asked to compromise their integrity. Instead, perhaps, the patients need be treated at a level 5 to be medically coded and ultimately billed for level 5 reimbursement. If the CEO was asked at any hospital, I think they would agree that level 5 billing deserves level 5 care and it would ultimately fall back on the physician to uphold this standard of care, not to cheat the system. Here at AHDPG, we put many premed students through our Scribe program with goals to later become physicians. It is a wonderful bridge career! For our Scribe graduates with future aspirations of becoming a physician, remember that integrity says a lot about who you are.   I would like to think that Scribes who move on to become physicians will have an even better understanding and can step up their game just a little more!  See the full story here.

Scribe force is growing leaps and bounds!

The number of Scribes needed across America is growing leaps and bounds! Read more about the need for Medical Scribes. Come explore our  scribe training program  and see how you can become part of this growing force.  We have a payment plan that will work for you at AHDPG.

Mobile Technology in Healthcare

Apple is leading an initiative to get mobile devices more integrated into the healthcare arena. With their upcoming iOS 8 and its HealthKit app as being an all-in-one solution for medical professionals to store patient data like blood pressure, pulse, and weight, they are hoping that physicians will use the available data to improve diagnostics and treatment decisions.  They are also looking to partner with electronic health records provider Epic Systems to integrate its software and services.  As the mobile market rapidly expands, healthcare seems like a  logical next step to integrate with.  Several healthcare facilities are currently in talks regarding integrating Apple devices with their Epic systems My Chart.  Of course with this comes other concerns and issues to be worked through but it seems that mobile technology and deeper healthcare integration could be coming together real soon.  See more about this at Reuters in this report.