subject: Study: Patient Data Breaches Often Tied to Unqualified Vendors [print this page] Study: Patient Data Breaches Often Tied to Unqualified Vendors
Some of the most highly-publicized information breaches in the United States occur due to vendor negligence, according to Dark Reading, a leading IT security journal.
The study examined vendor relationships among medical practices in 2010, underscoring the importance of choosing a medical records vendor capable of not only fulfilling your EMR back scanning projects, but properly securing confidential patient information protected under HIPAA and HITECH regulations.
Aside from loss and/or theft of information storage devices on behalf of the staff at a number of the healthcare provider companies, the largest breaches occurred when more trust was placed in the vendors hired than was warranted, according to the study. In all cases, the breaches illustrated were easily avoidable.
Forgetting to ask the right questions before selecting a medical record scanning company can mean major fines and feasible closure of your medical practice. But regrettably, this happens far too often. Since the Department of Health and Human Services has broadened the definition of a "covered entity" to include fundamentally anyone who has access to your patient files, HIPAA and HITECH violations are definite to follow even the most cautious medical practice.
Even the Largest Health Providers Fall Victim
Despite what some healthcare consumers may think, a number of the largest medical insurance companies in the world still suffer seemingly catastrophic information breaches that would otherwise get left under the radar and by default, the growing scope of the United States Department of Health and Human Services' HIPAA enforcement function.
Now that mandatory HIPAA information breach reporting requirements are in effect that requires a "covered entity" to disclose all information breaches occurring within their organization that involves 500 or more individual patient records, the publicity surrounding healthcare information breaches is becoming far more common. But as the story points out, the companies are still lax in their revision of security procedures as we pertain to patient information.
How to Protect Your Patients (and Your Practice)
There's a common assessment that many doctors and healthcare companies follow when selecting a long-term vendor to assume electronic medical record processing and storage. But a healthy dose of common sense prevails when it comes to managing your back scanning operation. First, you ought to look at the back-scanning method as a separate but equally important function of your medical practice. That is to say, give as much attention to your scanning procedures as you would your patient care protocols.
Query the So-Called "Specialists"
With the Federal Government providing financial incentives to medical practices that adopt electronic medical records before 2014, money making opportunities in the back scanning business are plentiful. That means lots of vendors specializing in document duplication and scanning are entering the EMR back scanning marketplace. When evaluating a seller to handle your EMR transition, be cautious of fly-by-night vendors.
The method of scanning a document is easy. But managing the information contained within a patient file is not. That is because scanning an ordinary document lets you save and store it in a variety of ways. But HIPAA-protected documentation requires strict encryption and highly-specialized information expertise functions usually outsourced by most medical providers.
The move to electronic files is not as simple as scanning and saving. The IT function, and how you manage those who manage it, becomes the front line in protecting patient data during the electronic medical record scanning and storage process.
