It has become a bad routine. A new week, another data breach report in the news. The recent breach reported by Community Health Systems Inc. affected 4.5 million patients! This data breach parade isn’t likely to stop soon. Healthcare organizations big and small continue to lose confidential patient data at an alarming rate, resulting in serious consequences for them and their patients. It is therefore vital that skilled nursing homes (SNFs) take adequate steps to protect confidential patient information as they transition their business from the paper to the digital world.
The HIPAA Security Rule requires healthcare organizations and their business associates to protect the confidentiality, integrity and availability of their electronic protected health information (ePHI) at rest (stored) and in motion (transmitted). A common misconception among healthcare organizations is that they are HIPAA compliant and/or their ePHI is secured if:
Nothing could be further from the truth. First of all, technology is not HIPAA compliant; organizations are! This means that SNFs need to use the technology in a secure, HIPAA-compliant manner. Second, ePHI does not reside only in the EMR. It is also in emails, in documents and images on computers, servers and mobile devices like laptops, cell phones, tablets and USB memory sticks. Healthcare professionals are also using texting and online file sharing services to conveniently share confidential information. Any of these avenues can potentially be the cause of a major data breach.
Conducting Your Skilled Nursing Facility Risk Analysis: Last year, HIPAA privacy, security and breach notification rules were made applicable to healthcare providers, payers and clearinghouses. The HIPAA Security Rule establishes national standards to protect individuals’ electronic personal health information that is created, received, used, or maintained by a covered entity. The Security Rule requires appropriate administrative, physical and technical safeguards to ensure the confidentiality, integrity, and security of electronic protected health information.