Health record data breaches are a serious concern for patients and medical facilities. Policies need to be put in place to better protect sensitive patient information.
The advantages of an electronic medical records system are relatively well known. Before electronic health records, the creation and maintenance of patient charts were laborious with an increased risk of inaccurate recordkeeping. Electronic medical records increase accessibility and allows for better communication between multiple healthcare providers and their patient. However, patients and providers must consider the risks of medical record data breaches.
More and more incidences of data breaches are making national headlines. In March of 2017, it was discovered the health records of patients under the care of Virginia Commonwealth University Health System had their information inappropriately accessed for more than three years. Since January 2014, physician groups were able to view patient contact information, medical information, health insurance data, and social security numbers. Employees who accessed the records were terminated, and new safeguards were introduced. This data breach has caused increased industry concern over patient privacy and HIPAA violations.
Electronic health record breaches allow for unauthorized users to view sensitive information. Individuals with serious medical conditions will not want their information shared without their consent. Furthermore, access to insurance data and social security numbers pose a financial risk to the patient. Cases of identity theft have occurred as a result of medical record data breaches. In 2013, a Howard University Hospital employee used her position to sell Medicare numbers she had accessed through the facility’s records system. The employee was eventually arrested and faced federal charges for her crimes.
A patient may have a difficult time resolving any identity theft issues caused by medical record data breaches. Restoring a patient’s credit can be a costly endeavor. Long-term credit monitoring may be required to prevent any future identity theft incidences.
There have also been cases of electronic records being downloaded onto personal computers with the computers then reported lost or stolen. Many electronic records systems are also accessible via mobile devices, which are frequently misplaced or stolen. Family members or friends of authorized individuals may also be using personal devices to view others’ health information. Any kind of health record snooping is an HIPAA violation regardless of intent.
The accuracy of medical records is another concern related to data breaches. If a medical record is authorized unlawfully, a person may change information within the record. These changes could prevent the patient from receiving the appropriate level of care required. If a medical record is deleted, there may not be a backup availability containing the information needed for optimal patient care. Patient safety is then at risk. An organization’s reputation is also compromised.
HIPAA laws have been put in place to protect patient privacy in regards to their electronic medical records. One safeguard put in place is all systems must have an audit function available. The audit function leaves a virtual fingerprint behind to track who accesses each medical record at any given time. Medical facilities have also implemented zero tolerance policies for inappropriate use of healthcare records. For instance, an Arizona hospital terminated employees who unlawfully accessed medical records of patients involved in the 2011 shooting of Congresswoman Gabrielle Giffords.
Security protocols such as data encryption and password protection are also essential to safeguarding electronic health records. Healthcare organizations must frequently change passwords to keep data safe.
Regular log checks must also be implemented for any electronic health records system. The log checks can help facilities spot any irregularities and address them immediately. The goal is to not only stop unauthorized users from getting access to medical records but also receive notifications when these breaches take place.
Ideally, electronic medical records offer the chance for patients to better manage their healthcare. As long as patient privacy is protected, electronic documents may increase the overall quality of healthcare.