Protecting Patient Health Information

The general public sometimes seems puzzled about why medical information is so sensitive and so valuable to criminals. “Who cares about my hernia?”


Most of us probably don’t share the same attitude towards our privacy, but there is more to this than saying, “That’s none of your business!” Medical records include important identification, financial and medical information which, in combination, offers a powerful formula for bad guys to steal your identity, open accounts and file false medical claims. Knowing health conditions, diagnoses and treatments, tricksters have precisely what they need to file convincing, yet totally false, claims for expensive medical services with their fake clinic as the beneficiary.

As Healthcare Information Technology (HIT) consultants at the North Texas Regional Extension Center, we frequently encounter misunderstandings among providers about safeguarding health records. “We’re good. We have an encrypted EHR.” But user IDs and passwords are on sticky notes on the keyboard – so encryption isn’t enough. Run a report out of the EHR, save it as a .pdf to a laptop, tablet, email address, Dropbox, flash drive or smartphone, or print it, and that report isn’t encrypted.

Data breaches occur even in small offices, and it is mandatory to report these breaches to authorities and, depending on size, to the press. Federal and state penalties loom, but may be the least of providers’ worries. Over 30 percent of patients surveyed indicated they would change providers if a HIPAA security breach occurred at their doctor’s office.

It is critical to ensure that annual HIPAA-mandated security risk assessments are done and updated regularly. Even more important are daily practices to protect medical information – literally every time a patient’s information is handled.

There is much more at stake than the world learning of your hernia.
