Healthcare IT Update

Patients Don’t Trust EHR, Survey Says

Experts emphasize balance between patient care and privacy. Personal health data is less secure now than it was a year ago, according to a recent online survey by nCircle, an IT solutions provider. Almost half of the 257 people who participated in the survey said they are anxious about the fact that multiple partners of their health care providers (i.e., such as EHR vendors and insurers) have access to personal electronic information — increasing the risk of security breaches.

Continue reading...

Remote Workers? Protect PHI With This Sample Document

Don’t have a policy for employees who work with PHI? We’ve got what you need to write one quickly. Your practice has tough decisions to make when allowing employees to handle patients’ private health information (PHI) while working from offsite locations. You may require encryption, you may prohibit them from working on their personal laptops when dealing with PHI, or you may even only allow remote work when it’s done for emergency reasons. But no matter what, you need to communicate your privacy expectations to your employees. Consider this sample document as a guide, contributed by Glenn Allen, information security director with Fairview Health Services in Minneapolis, Minn:

Continue reading...

Got Remote Employees? Get These PHI Safeguards

Health system puts over a million records at risk. If you’ve been putting privacy compliance on the back burner, it’s time to bring it up front again. Investigators are paying attention, and you should, too. Last year, for example, officials of a health system in Connecticut announced that an unencrypted hard drive with about 1.5 million patients’ information on it was stolen, potentially subjecting that protected health information (PHI) to abuse. Stories like this are certainly eyecatching — and add to that the new focus in privacy with the introduction of the HITECH act — and you can be sure that patient privacy is gearing up to take center stage. And with employees taking work home and bringing laptops or cell phones with them to the office, you should be sure that your office’s security is tight. Next: Practical encryption tips …

Continue reading...

5 Steps Tame PHI Breaches

Down, Tiger. These 5 steps can help your health care organization avoid PHI gone wild, as well as those pesky PHI breach notifications that are your worst nightmare. 1. Limit access: Be selective about to whom you grant access — some practices build filters to prevent staff members from access records they don’t need to do their jobs. Example: In multi-specialty groups, consider blocking staff from looking at the patient records of other specialties, says attorney Michael C. Roach. It’s unlikely that some individuals, such as appointment schedulers, need to have access to the EHR at all. Alternatively, you could provide access to certain staff members in a limited data set format, suggests attorney Wayne Miller. Other ways to limit access include positioning terminals out of others’ line of vision and enforcing rules such as locking workstations upon getting up and not sharing passwords.…

Continue reading...