Texting patient information is forbidden at Dr. Brasington’s hospital. So, too, is using personal cell phones to take pictures of patients. In reality, he says, these kinds of policies have not been onerous, although he recognizes the challenges that some of the more complex IT requirements may present to smaller practice physicians.
“We need to be careful about protecting patient confidentiality,” he says. “I think in many respects, the intent of HIPAA was to do what most health professionals thought we were doing anyway, which was protecting patient information.”
For More Information
Additional suggestions for avoiding breaches of patient information and being prepared in the event of an audit—and remember, audit notification will come via email—can be found on The Rheumatologist’s website.
Kelly April Tyrrell writes about health, science and health policy. She lives in Madison, Wis.
References
- Cybersecurity: The protection of data and systems in networks that connect to the Internet/10 best practices for the small healthcare environment. Chapter 2. HealthIT.gov. 2016 Jul. https://www.healthit.gov/sites/default/files/basic-security-for-the-small-healthcare-practice-checklists.pdf.
- Murrin S. OCR should strengthen its oversight of covered entities’ compliance with the HIPAA Privacy Standards. Department of Health and Human Services Office of the Inspector General. 2016 Jul. https://oig.hhs.gov/oei/reports/oei-09-10-00510.pdf.
