It’s hard to imagine anything more personal than a patient’s health information. Yet we constantly hear unnerving stories of how this intimate data winds up being accessed by or even inadvertently distributed to the wrong people. Many of these incursions go unnoticed by the general public, but they can have a profound impact on the lives of those directly involved.
Healthcare organizations are bound by HIPAA to control access to patient information. They are further required to administer a risk management program. Compliance with these mandates is typically achieved through a combination of technology and internal procedures, but all too often incidental disclosures to unauthorized parties still occur.
Recently, my thirteen-year-old son got a voice mail from a healthcare provider giving him the details of all “his” test results that “he” just had and instructing him that he needed to call to make a follow-up appointment. Well, my son had only had the phone for about three weeks and it most obviously wasn’t his appointment. However, he now knows all of this person’s information from having their old telephone number: their name and address, what’s wrong with them medically, and the results of some of their tests. This is just one example of the kind of incidental disclosure that can happen without the proper controls in place.
Taking care to not disclose patient information is critical to the success of any healthcare organization. In the following video clip, I talk about the security issues I commonly run across in the healthcare setting, as well as actionable tips for preventing their occurrence.