Patient Records and Security

Given the regulatory environment regarding protected health information, patient records are not something you can just stuff in boxes and/or your basic storage units. Just consider a couple of the following real world scenarios.

  • Millions of medical records lost in fire at a warehouse used by a records storage business - link to video report
  • Medical/dental records sold mistakenly at auction when the contents of a storage unit were auctioned off, link
Anytime medical records are in paper format; this is going to lead to space saving choices at some point. Paper just takes up a lot of space, and there is a lot of documentation attached to each patient in a practice. If old patient records cannot be fit in-house, physical storage units are often the choice amongst providers. While it may seem this is a good option, this may have more to do with it seeming easy to use – the location is oftentimes close by the practice and the entire process seems clear and easy to understand.

The problem is the security aspect of using various physical warehousing options for storage of patient records – especially with the new HIPAA/HITECH penalties regarding breaches. They are tough.  A basic storage unit provides no security whatsoever. It is an out of sight, out of mind type of storage. If for whatever reason, information needs accessed from there, it is a time consuming process to go there and rifle through to find what you need.

There is no monitoring of the storage units. Furthermore, there is no natural deterrent to fire, water, or other natural elements that may damage the records.

In addition, these places are easy to break into. It may surprise you to know there are criminals out there that zero in on medical records because they provide such a wealth of private, identifiable information on your patients. They often have social security numbers, addresses, insurance details, and other sensitive data that is then used for anything from financial theft fraud to medical identity fraud. The latter can affect patient care and be life threatening. According to MIFA (Medical Identity Fraud Alliance), the value of a medical identity is greater than SS – from 20-50 times greater.

This is not to say having protected patient health information in electronic format is without its own security issues. It is just a lot easier to get a handle on the security aspect. For one, what may be the worst disadvantage of all with physically storing paper records is that there are no backups. If the storage unit or warehouse has a fire, the records are lost. Flooding can do severe damage also. If somebody forgets to pay the storage bill, the storage operators consider the contents theirs now and will oftentimes auction it all off to pick up some extra money and free up the space.

If patient records are converted to electronic format by imaging them, a provider’s only concern then it to be sure the PHI data is encrypted and access to it is controlled. This is easily accomplished with an electronic document management system or, securing the records within your existing EMR system. Even just doing the conversion part greatly increases the security of your patient records. You can make as many backups as you would like with digital records and store them away in a safe, controlled place – a tiny one at that. A secure cloud hosted solution is another option. There are many advantages with whichever electronic solution you use in comparison to the old way, but security of patient records is the greatest incentive.

This free website was made using Yola.

No HTML skills required. Build your website in minutes.

Go to www.yola.com and sign up today!

Make a free website with Yola