As an Iraq war veteran, I served as a physician with an infantry unit on the streets of Fallujah.
During the seizure of the city, we always were reminded by our commanding officers of the importance of protecting our borders.
As physicians, I believe we need to be aware and vigilant of protecting our privacy borders.
Health Insurance Portability and Accountability Act, better known as HIPAA was passed by Congress in 1996. From that time forward, protecting the borders and not leaking confidential protected health information became a physician’s priority.
As a medical student back then, I was warned never to discuss a patient in an elevator or the hospital cafeteria.
Easy enough, I presumed.
I soon learned however, that just as in Iraq, protecting borders is never an easy task.
Since 2009, there have been more than 800 patient data breeches and 29 million patient records affected by HIPAA violations, according to the 2013 Redspin Breach Report.
These date breaches can also strain the wallet. Depending on the scale of the breach, fines for HIPAA violations can start at $100 and can go as high as $50,000, capping at $1.5 million annually. Fines aren’t the only consequence practitioners face – a HIPAA violation can break the trust that patients have with their physicians.
Smaller practices are at risk as much as large organizations. It becomes harder to keep track of electronic communication within the practice when patients and staff have mobile devices and can be unaware of how easily HIPAA rules can be violated.
For example, an employee may think it is harmless to use his smartphone to post a picture or video of a patient. Well-intentioned employees may post or text an interesting physical exam finding. Even something as harmless taking a picture of food may violate HIPPA when the employee does not realize the lunch is sitting on a patient chart.
As a doctor working to protect my patients and myself, here are some useful tips to protect your borders and remain HIPPA compliant:
- Prepare Physical borders: setup security alarms, lock offices when unattended, and as a rule shield protected health information from secondary viewers.
- Administrative borders: designate security responsibilities, train staff to know the consequences of HIPAA breaches, take a monthly review of user activity, have stringent policy enforcement across all roles.
- Technical border: secure passwords (no writing them on post-it-notes), back up data, regular virus checks, data encryption for anything sent electronically. Use secure technology such as liveClinic to stay HIPPA compliant, yet communicate with your patients virtually.
- Secure borders with policies: written protocols on authorizing users, documentation of security measures, policies for notifications on breaches, retain records HIPAA records appropriately