It has become a bad routine. A new week, another data breach report in the news. The recent breach reported by Community Health Systems Inc. affected 4.5 million patients! This data breach parade isn’t likely to stop soon. Healthcare organizations big and small continue to lose confidential patient data at an alarming rate, resulting in serious consequences for them and their patients. It is therefore vital that skilled nursing homes (SNFs) take adequate steps to protect confidential patient information as they transition their business from the paper to the digital world.
The HIPAA Security Rule requires healthcare organizations and their business associates to protect the confidentiality, integrity and availability of their electronic protected health information (ePHI) at rest (stored) and in motion (transmitted). A common misconception among healthcare organizations is that they are HIPAA compliant and/or their ePHI is secured if:
- They use HIPAA-compliant technology; and/or
- They do not have an EMR (electronic medical record).
Nothing could be further from the truth. First of all, technology is not HIPAA compliant; organizations are! This means that SNFs need to use the technology in a secure, HIPAA-compliant manner. Second, ePHI does not reside only in the EMR. It is also in emails, and in documents and images on computers, servers and mobile devices like laptops, cell phones, tablets and USB memory sticks. Healthcare professionals are also using texting and online file-sharing services to conveniently share confidential information. Any of these avenues can potentially be the cause of a major data breach.