There are both moral and regulatory reasons to protect our patients' privacy.
HIPAA and HITECH, at times, seem to be over the top. The regulations have certainly been interpreted, reinterpreted, over implemented, and a plethora of “saviors” has created an entire industry around them. I doubt some of the extreme responses to fear of enforcement and fear of technology are intentional, but never-the-less, we live with the unintended consequences that make our day difficult at best, impossible at worst.
That said, there seems to be 3 active responses by providers:
- Ignoring the rules.
- Never confronting the problem by never coming out of one's silo.
- Begrudgingly, following the rules, but hurting the patient.
How many times have you heard (or said):
- “I just send an email.”
- “I just send an email, but I asked the patient.”
- “I am the doctor (nurse, therapist), I do what is right, the rules are stupid and don’t matter.”
These are dangerous (to self and patient) responses to an impossible situation. There will be continuing enforcement, and there are easier solutions. We offer a good one.
Review this graphic from OnLine Tech. First, HIPAA audits are funded. $9.2 million to KPMG for 150 audits and $182,000 to Booz Allen Hamilton for Audit Candidate Identification. The funds come from the Office of CIvil Rights. Completion date is 12/31/2012.
The most common types of covered entities that have been required to take corrective action to achieve voluntary compliance are, in order of frequency:
- Private Practices;
- General Hospitals;
- Outpatient Facilities;
- Health Plans (group health plans and health insurance issuers); and,
Most of these are easily solved. If one removes the simple Physical causes (77%), then the risk of violation is now left to Hacking (6%) and Unauthorized access/disclosure (16%) and unknown at !%. No one is immune from hacking, although ClickCare works hard to protect against that. No one has to use email and risk enforcement, and as you see above, it is the small guys who top the list.
The message here:
- This is real.
- This is significant.
- This is avoidable.
We owe our patients more than protecting ourselves by opting out. There is an inexpensive and easy solution.