In our work with forward-thinking eye doctors, we commonly encounter questions like:
- Does your software run on the iPad?
- Can I use a tablet PC?
- Is e-prescribing connectivity available for my PDA?
While these are valid questions, they are often driven by a consumer mindset or perhaps by applications within healthcare that are more simplistic than what we encounter in the full scope of eye care. We've all seen the ads on TV about sending everything to the cloud and, of course, how dead simple it is to record all necessary health information on a tiny handheld device.
This week, we received a chilling reminder of the flip side of that magic and convenience: breach of ePHI through mobile devices. (See a link to the full story below.)
"The Massachusetts Eye and Ear Infirmary and Massachusetts Eye and Ear Associates Inc. (MEEI), will pay $1.5 million to the Department of Health and Human Services (HHS) for potential violations of the HIPAA Security Rule."
In the event ePHI is a new acronym, it means "electronic Protected Health Information". As we've discussed in recent posts, EHRs are doing a great job of helping us document patient health information, and the next step is to start communicating it among health care providers. Unfortunately, as acronyms go, it's easy to miss the fact that the P in PHI means "Protected" not simply "patient".
How well do you protect health information? Does your statement of HIPAA practices extend past that patient consent signature? Do your office computers have automatic log-offs? Are your mobile devices password protected? Do staff members use Instant Messenger for in-office or personal communications while at work?
At EMRlogic, since we have access to ePHI, we are held to the highest standards of accountability. Conducting annual HIPAA-HITECH security assessments and all-staff security awareness training is an expensive undertaking, one that can easily be allowed to slide. But oh what an economy relative to an ePHI violation, even a potential one!
How about your own business? Are you in good shape or running an uncalculated risk? Chances are high that you haven't gone far enough with the way you protect health information. May I humbly suggest you click here, read the full story on MEEI, think it through and, as they say, "if the shoe fits, wear it." Take steps this week to protect yourself as well as your patients.
Alistair Jackson, M.Ed.