With a major hack of an insurance company’s database having made front-page news not long ago, it’s natural that many physicians think first about electronic data when they think about protecting patients’ private health information (PHI).
However, low-tech violations of patient data actually occur far more often, have the potential to cause harm and, sometimes—though very rarely—incur serious penalties. So-called visual hacks can occur when employees leave paper records on a desk or allow a monitor to be casually seen. Such low-tech slips occur often, and they warrant both concern and preventive action.
Luci Belnick, MD, who independently practices internal medicine in Orlando, Florida, acknowledges how easily slips can occur.
“When you bring the next patient into your exam room, once in a while, you might have left the last guy’s note open” on the monitor, she says. “I try not to, but once in a while it happens.”
In 2011, an employee of a physician group associated with Massachusetts General Hospital left a file holding paper records of 193 patients, many with HIV/AIDS, on the subway. The hospital paid a $1 million fine.
Belnick says she spends about 20 hours weekly updating medical records. She notes that for doctors who have long commutes on buses or trains, using that time for record-keeping may be unavoidable.
She has worked on patient records on airplanes, she says, folding a magazine over the top of her laptop to block the patient’s name from her seatmate’s view.