Easy Ways to Secure Your System and Work Towards HIPAA Compliance – by Ryan Ricks, XLEMR
As published in the Spring 2008 Edition of EHR Scope
As we all know, medical practices see patients with the aim of improving their health. Like any other business, medical practices have many concerns, ranging from the quality of services they provide, to regulation and compliance issues, and ultimately, the bottom line and financial well-being of their practice. Why, then, should doctors and their staff worry about information security?
What is Information Security?
First, you may wonder exactly what we mean by information security. Simply put, information security is the confidentiality, availability, and integrity of the data, or information, stored at your practice, whether electronic or in hard copy. Medical practices should take information security seriously, because failing to do so could have negative consequences for quality of care and revenue streams, and may subject the practice to legal action.
Confidentiality is critical for medical practices. A patient’s medical history is highly sensitive, and there are huge consequences for a breach. Unlike a compromised credit card, exposed medical history can ruin one’s life, resulting in embarrassment, loss of employment, or any number of other terrible scenarios. Federal regulations like the Health Insurance Portability and Accountability Act (HIPAA) mandate severe penalties if a practice fails to protect medical information.
Availability is perhaps even more important. Good health care depends upon the availability of information. What happens at your practice if you misplace a patient’s chart? Usually the staff finds it stuffed inside another chart, but what happens if the chart is destroyed? Hurricane Katrina wiped out many practices and their charts. If you lose your information, you cannot see patients, and ultimately you lose your revenue as well.
Integrity relates to the accuracy of information. Accurate information can mean the difference between life and death. How many news stories have you heard where someone died due to inaccurate medical information? Perhaps a crucial allergy was missing from their charts, or maybe someone misplaced a decimal point for a dosage. Integrity encompasses accuracy at the point of data entry (e.g. were there any typos?) as well as protection against malicious tampering (e.g. did someone purposefully change a patient’s history?).