Submitted by Bob Larrivee, Director/Industry Advisor
Not long ago I wrote about what at the time was the newly released mandate from the current Administration that all patient records must be digital by 2014. Shortly thereafter I wrote about how Health and Human Services came out with another mandate related to the reporting of patient security breaches. (I will be discussing Digital Patient Records in my session next week at AIIM 2010 in Philadelphia.) In preparing for this event, I went back to see how things are in the world of security breaches and visited the HHS site that reports breaches.
This site identifies those who have reported a breach affecting 500 or more individuals and began several months ago. As of today, there are more than 55 facilities listed representing over one million people whose private information may have been inappropriately accessed by unauthorized personnel. The locations of where the breaches range from paper to email to laptops and servers. In some cases it is the HealthCare facility itself at fault while in others, it is associated business partners. The form of breach also varies from theft, to incorrect mailings with many citing theft or unauthorized access as the cause.
In my view, going digital is not the only solution to patient record security. Organizations must have better control over both digital and physical information which means stronger governance policies and more frequent auditing or monitoring to ensure security is maintained. To a degree, this supports the move to digital for when combined with the tools found in Business Process Management (BPM) and Enterprise Content Management (ECM) environments, records and information are tracked to monitor and report all activity. These systems do not take the place of governance but act as tools in support of governance policy and serve to enforce governance policies. While they will serve well in protecting patient information, there is still the human factor that requires regular training on policy, process and technologies used to secure your information.
I hope your provider is not on this list and that they are taking the steps needed to establish a secure environment that combines their Electronic Health Records (EHR) system with other technologies to control and manage all of the information about you and how it is moved through the organization in a safe a secure way.
What say you? Are you a HealthCare provider who is addressing these requirements today? Are you a patient who has fallen victim to a security breach? Do you have a story to tell? I want to hear from you.
Looking to learn more about intelligent information and process management?
Join us for the BPM Certificate course in:
San Francisco 05/25/10 - 05/28/10
Join us for the ECM Certificate course in:
San Diego 05/04/10 - 05/07/10
Denver 05/18/10 - 05/21/10
Calgary 05/25/10 - 05/28/10
Silver Spring 06/08/10 - 06/11/10
Houston 06/15/10 - 06/18/10
We look forward to seeing you there. Do you have several individuals who need training? Contact us to find out how a private class can save you on registration costs.
Bob Larrivee – AIIM firstname.lastname@example.org