Imagine if someone could access all of your patients’ private records by simply plugging a few keywords into Google. Think of the personal humiliation that both patient and health care provider would go through, let alone the potential legal ramifications. This nightmare scenario may sound improbable, but it is precisely what happened to 300,000 Californians.
As an answering service that serves the medical community, we at Dexcomm were shocked when the Associated Press reported last month that an oversight by Southern California Medical-Legal Consultants accidentally allowed vital personal information of more than a quarter million people to be viewed by anyone with a computer and internet access. The Californian firm works with primary care providers to recoup payment in workers’ comp cases. The leak included the insurance details, Social Security numbers, and even doctors’ diagnoses for hundreds of thousands of patients.
This oversight demonstrates just how difficult it can be to keep personal information private in the age of instant access. Even if you have done everything in your power to secure your patients’ records, one lapse in diligence by a third party with whom you do business can render your efforts moot. It is frightening to think that a professional career built on years of trust with patients can be threatened by the mistakes of others. However, there are precautions you can take.
Medical professionals rarely make this type of mistake themselves. That is good news; you likely already have practices in place that ensure patient confidentiality. However, a review of just what your protocols are in regard to this issue certainly will not hurt. After you have done this, make a list of third-party businesses with whom you have to share patient information. According to the AP, these auxiliary companies are the most likely to have breaches of security: “The further away from the health care provider the records get, the flimsier the enforcement mechanisms for ensuring the data are protected.”
Contact those with whom you must share information and ask about their protocols for patient confidentiality. Do they use HIPAA guidelines to self-assess? Are they members of professional organizations that prioritize secure information sharing and confidentiality? How do they respond to your questions? A company that handles information in the proper way will be delighted to give you details about this part of their services, because they take confidentiality as a point of pride. Request that the third-party service keep you updated on any changes in the way that they handle patient information, and set aside some time in your calendar to review where you stand in regard to this issue, once a year at the very least.
The breach of confidentiality that occurred in California is certainly a scary incident for those of us who work in the medical services, but with a little diligence, you can make sure that something like this never happens to you.