Protecting patient health information from unauthorized access can be a challenge given the wide variety of forms it can take: text messages, hard copy, electronic health records, and more. Patient rights include the right to privacy of health and personal information, and organizations incur significant fines for violations. Unfortunately, our observations in the field have included multiple instances where patient information was found to be at risk:
- An Emergency Department where both portable and stationary computer screens were left unlocked with patient information displayed and potentially viewable by the public.
- EKG machines left on with the previous patient’s name and other information present in an exam room.
- Clinics with health records in unlocked cabinets and open shelving accessible to unauthorized individuals after-hours.
The Health Insurance Portability and Accountability Act (HIPAA) Security Rule requires that covered entities and their business associates conduct a risk assessment of their healthcare organization to ensure compliance with HIPAA’s administrative, physical, and technical safeguards. A risk assessment can also reveal areas of vulnerability where your organization’s protected health information (PHI) could be at risk. Contact your HIPAA Privacy Officer or the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) to access the HIPAA Security Risk Assessment Tool.
Additionally, organizations should consider using automatic lockouts on computer screens after a short duration to prevent unauthorized access. Determine whether medical equipment stores patient information and whether it can be protected from unauthorized access (check the instructions for use). Conduct periodic rounding to look for potential vulnerabilities. Discuss with staff what can be done to support their practice and the information privacy of patients.
Please contact us for questions or more information at 704-573-4535 or firstname.lastname@example.org.
Courtemanche & Associates specializes in Healthcare Accreditation and Regulatory Compliance Consulting Services. With over 29 years of being in business and 100+ years of healthcare experience amongst our consulting team, we are ready to assist with your accreditation and regulatory compliance needs.