As a medical professional, the initial intention of ‘do no harm’ is treating your patients with the best possible care. However, in this era, our responsibility is that much greater.
Every new patient who enters the office has to complete the new patient forms. These collect the patient’s name, demographic and billing information, and medical history: all the information the office needs to provide patients with care and receive compensation. In this information era, any leak of this information is a huge breach of trust with your patient.
I recall when social media was young, and it was recommended to not use your full name on your accounts to not have a negative impact on college or job opportunities. In this digital era, this level of security is not sufficient to maintain anonymity when the internet wants to find you.
Considering the sensitive, personal information that is in medical practices, it is much more important to take steps to protect PHI (Patient Health Information). A breach of PHI leaves the individuals exposed.
If you recognize there has been a breach of ePHI, you are required to notify all patients involved. They are at risk of becoming the victim of financial fraud including, but not limited to:
- Loans opened in their name
- Medical services billed in their name
- Tax return fraud
- Utility bills opened in their name
- Credit card fraud
- Identity fraud
These patients now have the burden of worrying about their credit score and identity theft.
There is also the issue of medical identity fraud. Here you can be the victim also. Consider how your office collects and bills a patient for the services rendered. Can you be confident that your office wouldn’t mistakenly use stolen information to bill for services rendered? How do you verify a patient is who they claim to be?
The best way for your office to prevent harm from coming to your patients is to take steps to protect your ePHI as per HIPAA regulations. This includes enforcing the mandatory annual HIPAA training for all staff (doctors included). Regularly update your risk analysis to address changes to your office and changes in the threats to your office and network. Make sure you have a HIPAA Security manual completed every 12 months.
Protecting your patient information is doing no harm. Good practices help to protect your patients from harm as well as protect your practice from harm.
And if your patient believes you have harmed them, they can file a complaint with the OCR (Office of Civil Rights) and even file a lawsuit.
Reach out to TLD Systems to see how our HIPAA Compliance Program provides your office with the tools to protect your PHI.