By Tessa Boudreaux

Today, while giving my brain a break, I was working an HIT in a Turk site. This HIT was medical transcription and I was deciphering the doctor’s scribbles. I passed window after window, until I clicked to a window that had written: DL ###. I was perplexed.

After looking for additional information on the HIT provider and alerting the Help staff at the Turk site, I began to get a feel for perhaps how little we understand about HIPAA and the 18 identifiers that are protected. Upon further investigation, the Turk provider was a document shredding company. It was clear to me, given my extensive paper-to-EHR conversion background, that this was a migration from paper charting to EHR. Possibly the provider was ‘old school’ and had refused to migrate to discrete data capture within the medical organization’s EHR system. The medical record was in the process of being converted and someone had the excellent idea to outsource the transcription for pennies on the keystroke. This is perchance where they made a very costly mistake. Any of the identifiers in the image above are considered enough to identify the patient, hence the word identifiers. They are protected. Only staff who need access to these identifiers to complete their tasks should be allowed access. Further, at the level of the medical provider and the shredding service, staff must be trained in HIPAA. This must be documented by the HR department. The shredding vendor is not “free” of the privacy extended to patients under the arms of HIPAA. Further, the online site offering the HITs is also liable under HIPAA’s HITECH, which extends the culpability for breaching patient privacy.

Each organization is responsible. As is each employee. As am I. I rejected those HITs. I checked three, all three contained DL#s, and I sent an email alerting the company and the vendor. But let me take it a step further. HIPAA’s HITECH has some teeth, and they are not just for the corporations. While hospitals have been fined millions of dollars for breaches in privacy, individuals can also face civil and criminal penalties for breaching privacy. This means jail time. While many people still do not understand HIPAA privacy, it is necessary from an organizational level and a personal level to understand rights to privacy, beginning with the 18 identifiers.