Peace of Mind: Keeping Medical Records Safe

By Kim Holmes and Barry Fonarow

Peace of Mind: Keeping Medical Records SafeHow secure are your patients’ data? Storing patient health records electronically may be an efficient solution to the antiquated paper filing system of the past, but despite the many upside perks (including financial incentives from the government to adopt electronic health records), a failure in your system that results in breached data may come at a hefty price.

As a psychologist, you understand that maintaining confidentiality between patient and therapist is core to your ability to practice. Suffering a data breach could not only cost you time and resources but could cost your professional reputation.

While federal and state laws vary, generally a data breach can occur when sensitive protected health information (PHI), including mental health records and personally identifiable information (PII), is accessed without authorization, which can occur through intentional or unintentional means.

According to a recent U.S. Department of Health and Human Services report, roughly 7.9 million people’s medical records have been exposed in 30,750 cases of health care-related data breaches since 2009 — a trend that is expected to continue.

The U.S. Congress first addressed individual privacy infringements in 1996 when they enacted the Health Insurance Portability and Accountability Act’s (HIPAA) Privacy and Security Rules, which sought to set a national legislative standard for protecting electronic individual health information. The issue was revisited in 2009 with the signing into law of the Health Information Technology for Economic and Clinical Health Act (HITECH) — a piece of legislation that was introduced as part of the Patient Protection and Affordable Care Act (the “health reform” law) that amended HIPAA — giving it “teeth” for the first time in the form of potential civil monetary fines and penalties.

While HIPAA/HITECH now provides that fines and penalties may be incurred by a health care organization in the event of a breach (on a sliding scale ranging from $50,000 up to $1.5 million per violation for the most egregious breaches), whether and to what extent these fines and penalties may be levied is always a subjective assessment by the government. An organization’s preparedness to prevent a data breach and its timely and appropriate response to a breach are factors taken into account by the federal government in determining whether and to what extent fines and penalties will be assessed under HITECH.

In addition to lost and/or stolen laptops and other portable electronic devices, one of the largest causes of health care-related data breaches is employee negligence. For instance, in 2010 NewYork-Presbyterian Hospital at Columbia University Medical Center reported a data breach which resulted in 6,800 patients’ PHI, including 10 social security numbers, being accidentally posted on the internet by an employee.

Additionally, allowing access to information by third party vendors and service providers may add another layer of vulnerability that is often overlooked when identifying cyber security weak spots. From 2010 to 2011, the personal PHI pertaining to 20,000 patients who visited the emergency room at Stanford Hospital in Palo Alto, Calif., remained publicly accessible on an online homework help site following an incident with the hospital’s third party billing contractor.

In the event that a cyber-related data breach occurs, there are often far-reaching repercussions including reputational harm and financial burdens due to potential fines and penalties and civil and class action lawsuits. There may also be expenses related to privacy notification, credit monitoring, health records resolution services, crisis management and forensic investigation.

The first step to protecting against a cyber-related data breach is through education. Learn about the federal and state laws that could apply to your organization and understand the reporting and notification requirements that may apply in the event of a data breach. Utilizing best practices both in advance of and at the point of discovering a data breach may also position your organization to be viewed more favorably by a federal or state reviewing authority post breach.

With most health care organizations only allocating 2 percent to 3 percent of their IT budgets to cyber security, an all-inclusive plan will probably be a distant reality at first for most practices. However, being caught unaware and unprepared when a breach occurs could have catastrophic consequences that an organization may not be able to weather. Therefore, in addition to consulting with a trusted advisor such as a specialized privacy/data breach attorney or risk management consultant, following these few simple guidelines may help reduce the impact of a cyber-related data breach:

  • All portable/mobile electronic devices should be encrypted with data encryption software.
  • When outsourcing work, do your due diligence by researching the third party vendor or service provider’s data breach policies, whether and to what extent they have errors and omissions liability and/or cyber liability insurance in place, and seek to put in place a written indemnification agreement with all vendors and service providers.
  • Draft an internal incident response plan for data breaches and make it part of your organization’s culture. A clear plan outlining how to respond to a data breach within your internal organizational structure should help reduce the time between when a breach occurs and when it is appropriately responded to – all of which may place your organization in a more favorable light with an after-the-fact government audit or review of the data breach.
  • Consider the purchase of a cyber liability insurance policy to help weather the financial burden of the “when” not “if” of a data breach occurring.

Complete peace of mind concerning the subject of data breaches and cyber security is not something most organizations can enjoy these days. But, you may be more confident regarding the safeguarding of your patients’ protected health information against a data breach if you have put an appropriate response plan in place to help mitigate the potentially devastating financial and reputational impact a data breach can bring upon your organization.


Enhanced by Zemanta

Cultural Competence in Health Communications

Cultural Competence in Health Communications

Click to view cultural CE courses

Cultural competence refers to an ability to interact effectively with people of different cultures. Cultural competence comprises four components:

  1. Awareness of one’s own cultural worldview
  2. Attitude towards cultural differences
  3. Knowledge of different cultural practices and worldviews
  4. Cross-cultural skills

Developing cultural competence results in an ability to understand, communicate with, and effectively interact with people across cultures. Effective health communication is as important to health care as clinical skill. To improve individual health and build healthy communities, health care providers need to recognize and address the unique culture, language and health literacy of diverse consumers and communities.

Professional Development Resources offers a variety of cultural-based continuing education (CE) courses for healthcare professionals to address this topic:

Cultural competency is one the main ingredients in closing the disparities gap in health care. It’s the way patients and doctors can come together and talk about health concerns without cultural differences hindering the conversation, but enhancing it. Quite simply, health care services that are respectful of and responsive to the health beliefs, practices and cultural and linguistic needs of diverse patients can help bring about positive health outcomes. {Office of Minority Health}

Enhanced by Zemanta

End of Life: Helping with Comfort and Care

At the end of life, each story is different. Death comes suddenly, or a person lingers, gradually failing. For some older people, the body weakens while the mind stays alert. Others remain physically strong, and cognitive losses take a huge toll. But for everyone, death is inevitable, and each loss is personally felt by those close to the one who has died.

End-of-life care is the term used to describe the support and medical care given during the time surrounding death. Such care does not happen just in the moments before breathing finally stops and a heart ceases to beat. An older person is often living, and dying, with one or more chronic illnesses and needs a lot of care for days, weeks, and sometimes even months.

End of LIfe - Online CE Course

Click to learn more!

End of Life: Helping With Comfort and Care, a 1-hour continuing education course for healthcare professionals, hopes to make the unfamiliar territory of death slightly more comfortable for everyone involved. This publication is based on research, such as that supported by the National Institute on Aging, part of the National Institutes of Health. This research base is augmented with suggestions from practitioners with expertise in helping individuals and families through this difficult time. Throughout the booklet, the terms comfort care, supportive care, and palliative care are used to describe individualized care that can provide a dying person the best quality of life until the end. Most of the stories in this booklet are fictitious, but they depict situations that reflect common experiences at the end of life.

When a doctor says something like, “I’m afraid the news is not good. There are no other treatments for us to try. I’m sorry,” it may close the door to the possibility of a cure, but it does not end the need for medical support. Nor does it end the involvement of family and friends. There are many places and a variety of ways to provide care for an older person who is dying. Such care often involves a team. If you are reading this, then you might be part of such a team.

Helping With Comfort and Care provides an overview of issues commonly facing people caring for someone nearing the end of life. It can help you to work with health care providers to complement their medical and caregiving efforts. The booklet does not replace the personal and specific advice of the doctor, but it can help you make sense of what is happening and give you a framework for making care decisions.

Related Courses:

Related Articles:

Enhanced by Zemanta

Professional Development Resources is a Proud Member of the Autism Society

Via Scoop.itHealthcare Continuing Education

The Autism Society membership encompasses many professionals from various disciplines—medical practitioners (including pediatricians, developmental pediatricians, neurologists and pediatric neurologists, among others), educators and paraeducators, therapists (speech, physical, occupational and others), behavioral analysts, social workers and more. Professionals serve on our board of directors and advisory boards, contribute to our quarterly magazine and present at and attend our national conference. Our national conference includes many offerings geared toward professionals, a number of which offer continuing education credits, and also provides professionals many opportunities to share ideas and knowledge.

It is important that professionals work together with parents for the individual’s benefit. While professionals will use their experience and training to make recommendations about a person’s treatment options, you also need to listen to parents and caregivers who have unique knowledge about the individual’s needs and abilities that should be taken into account for a more individualized course of action. As a professional, you are in a unique position to impart valuable, validated information about the individual’s diagnosis and recommended course of treatment to their family that can make a measurable difference in their lives.

Professional Development Resources is a proud member of the Autism Society.
Show original

Enhanced by Zemanta