Frequent reports of the apparently careless handling of patient medical records raise questions about the HIPAA compliance of some healthcare providers. The Health Insurance Portability and Accountability Act was introduced to protect sensitive patient data, and any entity that handles PHI (protected health information) has to make sure that the most stringent security measures are in place and scrupulously followed. When storing medical records or using them for purposes such as medical record review, safeguarding data is of utmost importance. However, instances of failure to follow these requirements are a cause for great concern.
The most recent news regarding this highlights how a Florence man found thousands of medical files from a Virginia doctor’s office thrown carelessly into a dumpster. The man was shocked to find that one of the sheets clearly said “confidential.” This is rather appalling because the records contained addresses, phone numbers, birth dates, and Social Security numbers of the patients; anyone could use these to impersonate that person. These particular patients turned out to be lucky because their records were found by an honest man who immediately reported the finding. If these had been found by a criminal, it would have resulted in a very serious problem. What puzzles the police is how the medical records from the clinic in Virginia ended up states away in Florence. The doctor in question has not been tracked down so far.
This incident is a stark reminder for providers who may be inadvertently careless about the sensitive data that come into their hands. There are some points to keep in mind when dealing with medical records.
- All medical records, whether computer-generated or handwritten notes, X-rays, blood test results, correspondence, slides, photos, or theater records, have to be stored securely and confidentially. They should be protected against accidental loss, damage and corruption.
- Regular backups must be made and, if possible, stored at a different site.
- All records must be carefully reviewed before they are destroyed. It is best to retain patient records if there has been a complaint or untoward incident associated with them.
- Most importantly, when disposing of medical records, it should be done in a way that safeguards patient confidentiality. Paper records can be shredded. When it comes to electronic records, ideally get the assistance of professionals to delete the data entirely from the hard drive.