Although medical facilities have only the best intentions for the wellbeing of their patients, there are considerations beyond the physical care of the patient that need to be addressed by the healthcare industry.
The issue of privacy and security in regards to a patients’ personal identity and medical records, as well as their financial and insurance information, is an area that is often discussed in relation to HIPAA compliance.
Beyond HIPAA
But what about the security of this data while it’s in transition between care facilities, or between medical and administrative personnel working for different providers?
Think about it. There is an exchange of medical records and personal information every time a patient moves between:
- ambulatory care and an emergency room
- a hospital to a nursing home
- a hospital to an independently operated surgery center
- the emergency room to a different hospital in order to stay in-network for their insurance benefits
- primary care physician and a specialist
Sharing patient information outside of a single hospital system to another facility or provider is both difficult and costly because of HIPAA regulations. In 2012, a Massachusetts provider was ordered to pay $1.5 million to the U.S. Department of Health and Human Services when it was found in violation of HIPAA.
The EMR Challenge
Sharing patient information between care providers is an essential part of the healthcare landscape, but it’s currently a challenge, in part, because of the fact that there is not a universal electronic medical record (EMR) system.
Each hospital network, insurance company, doctor’s office, ambulance company, governmental agency, and pharmacy uses their own software and systems to track their patients’ medical history and personal/financial records.
The fines associated with the improper revelation or transfer of a person’s medical files are steep and infractions can result in law suits being filed against the person or organization who sent the files, not the entity who receives and subsequently loses it.
This is why all healthcare providers need to employ a secure file distribution and tracking strategy to manage files in a way that not only enforces HIPAA rules, but also protects against civil or criminal filings by patients who have their identities and/or medical files revealed in a breach.
Bridging System Gaps
When vetting out secure file sharing solutions, healthcare administrators need to look for a solution with capabilities that fit the unique challenges the medical industry faces.
Does the solution:
- Stream content through a secure cloud to avoid the saving of files on individual devices and hard drives?
- Seamlessly integrate into the existing legacy systems in use at your facility?
- Allow for remote termination of content either on-demand or by scheduling an expiration date?
- Limit the type and number of devices a user can view content on, to eliminate the issue of personnel sharing login credentials?
- Restrict printing, saving and forwarding of messages and attachments?
- Embed dynamic watermarks into content of all types (PDFs, videos, Word docs, etc.)?
- Tell you who viewed a file or video? And when and for how long they accessed the material?
- Show which device someone opened content with and where (geographically) they accessed the file?
- Send an alert if a recipient forwards, saves or prints the material (if that permission was granted?)
While the issue of sharing sensitive medical data between all parties involved in the care of a patient is fraught with challenges, there are solutions available currently to help bridge the current EMR system gap and keep your organization within compliance of HIPAA and other state and federal laws.
Download this fact sheet to learn the 5 content control features you need to keep patient records safe.
