As regular readers of the qliqSOFT blog are now aware, the HIPAA Omnibus changes have been in effect for just over two weeks. In the wake of the September 23 compliance deadline, HIPAA compliance should be on the minds of most covered entities even more than usual, and rightfully so – HIPAA data breaches not only sacrifice the trust you’ve established with your patients, but are also extraordinarily expensive.
Understanding where the risk of breaches is the greatest is the most important step in risk analysis. To that end, Software Advice recently conducted an analysis of breach data. Software Advice, a company that reviews and writes buyer’s guides for web-based medical software, regularly talks to and hears concerns from medical practices. One of those concerns is security: can web-based systems really keep data safe?
It’s a valid concern. Entrusting your PHI to “the cloud” or the Internet for safekeeping can feel risky, since you’re storing data “out there” instead of on your own servers. But the analysis Software Advice conducted suggests that the Internet is not the biggest threat to PHI. Rather, it’s the people who use the technology themselves.
Of all the reported breaches that impact 500 or more individuals, Software Advice found that only eight percent involved hacking. The vast majority of these breaches involved the theft, loss, or unauthorized disclosure of PHI. And the breached data was most commonly found on paper or unencrypted digital devices.
What does this mean? First of all, theft is the biggest risk. Although you can never eliminate the risk of theft completely, there are practical measures you can take to mitigate the risk. For starters, avoid keeping documents or devices containing PHI in unsecured locations. That may sound like a no-brainer, but stolen sensitive documentation from the back of a parked car led to two of the five biggest breaches in history, affecting 4.9 and 1.7 million individuals respectively.
A further step would be to avoid paper altogether. Not using paper means there’s no physical document to steal. Then, of course, you’d need to encrypt the digital devices you used instead. A laptop can be stolen just like a paper file. The difference is that proper encryption measures can make the data on the laptop inaccessible if stolen.
Loss is another category that you can take action to avoid. Again, some loss may be inevitable – but loss is usually within your control (or your employees’ control). Many organizations involved in loss-related breaches noted undergoing extensive employee training in the wake of a breach. But why wait? You should regularly and thoroughly train anyone dealing with PHI before a breach ever happens. That way everyone is on the same page when it comes to how important the safeguarding of PHI is to your organization.
The same goes for unauthorized access or disclosure. This category is entirely in the hands of you and your employees. Make sure your employees know (reinforcing through regular training) the boundaries of information that can be accessed and shared. For example, curiosity about a patient is not a valid reason to access that patient’s record. And a juicy medical story is not a valid reason to share someone’s personal health information with a friend.
Health IT has given us enough empirical evidence by now to show us that the human element places PHI more at risk than the technology itself. By addressing this head on through rigorous training, covered entities can dramatically decrease their risk of suffering the dreaded data breach.
Krishna Kurapati is the Founder and CEO of QliqSOFT. He has more than two decades of technology entrepreneurship experience. Kurapati started QliqSOFT with the strong desire to solve clinical collaboration and workflow challenges using artificial intelligence (AI)-powered digital technologies across the U.S. healthcare system.