The medical field has always depended on technology for improving patient care. Thanks to advances in technology, administrative functions of healthcare offices have greatly increased their efficiency and customer relations. For example, there is technology that allows doctors to share information with offices across street or across the nation instantly with just a few clicks of the mouse. These advances not only free up hours of paperwork, but also quickly provides vital information to a patient's care.
The Electronic Medical Office & HIPAA
A clinic can in the end be more profitable by offering these innovative services. Nearly half of the people interviewed in a Forrester Research study said they would be willing to pay more for online features; such email access to their doctors. (1)
While technology can be tremendously beneficial there are serious caveats that must be heeded. In 2003, the privacy rule of HIPAA was enacted and the rules governing protected health information (PHI) of patients became far more stringent. The rule governs the way in which information is handled. It requires every level of communication and storage of the PHI to be secure and private. (2) Examples of the ways violations are:
- Computer screens visible from waiting room
- Files left out around the office
- PHI not disposed of properly, such as strictly shredded
- Records sent to the wrong home or email address
Due to these changes all modes of communication have a heavier burden of responsibility placed upon them since the inclusion of the privacy rule, but none more than electronic transmissions. Keeping the information protected when sending emails, which can be intercepted, can in itself be a daunting task.
If an action taken by any employee, whether intentional, unintentional, or simply neglectful leads to improper recipient of PHI, the practice involved could face serious consequences.
- The civil penalties range from "$ 100 per incident, up to $ 25,000 per person, per year, per standard that is violated." (3)
- The criminal penalty range in three main groups. The first is up to $ 50,000 and 1 year in prison, moving up to $ 100,000 and 5 years, or $ 250,000 and 10 years in prison.
Each tier of the criminal penalties has different qualifications leading up to the knowingly demonstrating PHI with the intent for malicious harm. (3)
Keeping Your Practice HIPAA Compliant
It's important for today's electronic medical office to have several layers of digital protection. This ensures PHI or any other private information can not go outside the confines of the practices' systems without the proper digital rights. These rights can be controlled by moderators or even the sender and have the ability to dictate what permissions the receiver may have.
One large step is to protect your practice from accidentally sending information into the wrong hands. This can be done through email anti-theft solutions which encrypts the data sent via email. By using these types of programs, the sender may control not only the security of the file but also consequent actions that may be carried out by the file's recipient (s).
email anti-theft programs allow the user to establish who can view, edit, print and forwarding these important health records. Permissions set with email anti-theft software lasts with the documents once they've left the clinic's computer.
What Happens if My Practice's Computer is Stolen?
Email anti-theft software can also protect the data on the computer if the machine is ever misplaced or stolen. This can be done through remote laptop security. All the victim of theft has to do is log into the program and there remotely block access to all protected files on the missing laptop. Without improvement in the means of securing and transmitting their files many practices will continue to commit violations of HIPAA, losing money and patients along the way.
HIPAA Compliance & Patient Trust
It is obvious that one must comply with HIPAA because of the financial penalties that go with noncompliance. There are however, far better reasons for compliance than avoiding punishment.
HIPAA Violations can break the trust between doctors and patients, but compliance along with new technology can strengthen relationships. When patients have new services such as the ability to ask questions to doctors via email the doctors can enhance their trust levels. This is especially important for small practices as interpersonal relationships play key roles for the retention of patients.
The advantages of technology will continue to provide new ways of serving patients. As the digital age comes the computer will increasingly become the focus of record keeping. With an industries like medical & healthcare so dependent on keeping detailed yet secure records, it is going to be ever important to stay current with strong security programs to encrypt and protect files.
- Bradford J. Holmes, Eric G. Brown, Elizabeth W. Boehm, Lynne Bishop, "Trends In Healthcare Consumer Technology Adoption" Forrester Research, 15 July 2004.
- Title 45 Code of Federal Regulations, Pt 164.
- United States Department of Health and Human Services. Protecting the Privacy of Patients' Health Information Summary of the Final Regulation. 2005. http://aspe.hhs.gov/admnsimp/final/pvcfact1.htm