Vice President of Clinical Strategies
In a recent blog, I mentioned my obsession with Tom Cruise. But after doing some research for this article and some personal soul searching, I guarantee I would not go snooping in his medical record if given a chance. The same cannot be said for the 27 staff members at Palisades Medical Center in Bergen, NJ, who accessed George Clooney’s medical record in 2007.
Actor George Clooney and his companion Sarah Larson were injured while riding Clooney’s Harley Davidson motorcycle on Sept. 21 in Weehawken, NJ, according to a local police report. They were taken by ambulance to Palisades Medical Center, where Clooney was treated for a hairline fracture to a rib and abrasions, according to a statement released by Stan Rosenfeld, a spokesman for the actor. Larson was treated for multiple foot fractures, Rosenfeld said.
Hospital spokesman Eurice Rojas issued a statement confirming that 27 employees were suspended without pay for a month for inappropriately accessing Clooney’s medical records. The actor did not want anyone fired over this incident. According to Mr. Google, since then, Britney Spears, Maria Shriver, Farrah Fawcett, Drew Barrymore, and Kim Kardashian have faced the grim reality of their medical records being accessed and, in some cases, shared with the world.
A Refresher on HIPAA
There are only a few places left where most people would think their privacy is protected. Through the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule, patient data is protected, and patients have privacy and security around the information. The Rule means that patients must permit healthcare organizations to share their data with other healthcare organizations. However, without a clear strategy and protection around your center’s records, do you really know who has access? Are you doing whatever you can to protect your patients and yourselves? If you are still using paper records, then probably not.
According to hhs.gov, the HIPAA Privacy Rule establishes national standards to protect individuals’ medical records and other individually identifiable health information (collectively defined as “protected health information”) and applies to health plans, health care clearinghouses, and those health care providers that conduct certain health care transactions electronically. The Rule requires appropriate safeguards to protect the privacy of protected health information (PHI) and sets limits and conditions on the uses and disclosures that may be made of such information without an individual’s authorization. The Rule also gives individuals rights over their PHI, including rights to examine and obtain a copy of their health records, to direct a covered entity to transmit to a third party an electronic copy of their protected health information in an electronic health record, and to request corrections.
The Problem with Paper
Every chart touches many hands from registration through discharge on any given day in the paper world. Anytime that chart or the pages associated with it are on counters, stretchers, desks, and the hands of many clinical and non-clinical participants of their care, how can you be sure that someone not involved in the care of that patient didn’t take a look? The answer is you cannot. There is no question that privacy policies must be rigorously and consistently enforced. One of the best ways to do that is through audit logs.
The Solution is an Audit Log Monitored by an EHR
Electronic Health Records have audit logs for every entry made. The user, date, time, and what was accessed, entered, or revised is known. Audit log checks are part of the standard process in ASCs utilizing EHR technology. If your center is not using an EHR to document patient care, are you really prepared to suspend or fire already limited staff for peeking at charts where they are not caregivers? It would be best to put safeguards in place to prevent curiosity from getting the better of quality staff and protect your patients from a devastating loss of privacy and comfort as they heal. The care you give is not just physical but to their entire being.
Don’t miss out on the good stuff – Subscribe to HST’s Blog!
Every two weeks we’ll email you our newest blog posts. No fluff – just helpful content delivered right to your inbox.