When I was growing up, my parents had a traditional mailbox in front of their house. It was an aluminum box painted with flowers that sat upon a wooden post. I can still recall looking out the window and knowing that the mail person had come and gone because the outgoing flag was no longer raised. Today, the cutesy mailboxes are a thing of the past. In fact, their mass exodus has led to the influx of boxes that have physical locks and keys. Why? Not to be dramatic, but it’s because your mail is not safe, and if you are sending or receiving medical records and images through that very mailbox, you’re at great risk.
“Mailing Errors” Will Cost You Big Time
HIPAA compliance isn’t something that you get all excited about. It’s cumbersome and at times frustrating, but it’s there for a reason. Everyone can probably agree that confidentiality is huge when discussing and sharing private health information. So, you can call it human error or a software glitch, but when records get to a location other than where they were intended to be delivered, it’s pretty embarrassing for all parties involved. You might think that such things are anomalies of the past. I mean, it’s 2018! Surely we have evolved enough to avoid situations where confidentiality is mistakenly breached? Well, indeed it is 2018, and this year alone there have already been many “mailing errors” which have cost institutions upwards of $1M in fines.
In fact, look no further than the HIPAA Journal and you will find that Mailing Errors have affected anywhere from 12,000 - 81,000 individuals. On top of the settlements paid out to the patients, HIPAA fined these institutions $575,000 and $1,150,000. That’s just 6 months into this year! While the number of fines associated with such circumstances has dipped, the problem still remains - practices around the nation and the world continue to trust PHI in the mail.
What’s The Solution?
It’s not as simple as saying that we need to eliminate all physical mail and only stick to virtual sharing of medical records and imaging. The reason is that technology is fallible as well. However, there are some precautions you can take when transitioning from mailboxes to inboxes.
- Talk to your PACS vendor. Ask them what measures they take to ensure that all information you share via the Cloud is actually secure. If they have a business associate agreement (BAA), that’s a good sign.
- Fortify your passwords. Don’t have an easily hackable platform. Keep away from username and password combinations of “admin”, “password123”, social security numbers, phone numbers, dates of birth, or anything else that can easily be compromised.
- Log out. It sounds simple enough, but you would be surprised how many people forget to click that one button. If you have a local hospital PACS, it is possible you are logged in at multiple stations. This puts you and your patients’ data at great risk. Anyone can sign on as you and...well, the rest we will leave to your imagination.
Most folks have transitioned from getting their bills in the mail to viewing them virtually. They don’t want their mail lost, and they want the convenience of a secure platform that they can control versus the uneasy feeling of not knowing when their package will get to its intended destination. Overall, sending records in the mail is just asking for trouble. However, don’t make a rash decision and go virtual without doing your homework and ensuring that your solution is in fact HIPAA compliant. If it isn’t, there is nothing stopping you from becoming a healthcare data breach statistic.