Securing paper in a digital world
Briefings on HIPAA, August 1, 2016
This is an excerpt from a member only article. To read the article in its entirety, please login or subscribe to Briefings on HIPAA.
Paper records persist despite healthcare's steady move to purely electronic documentation. Although paper records are simpler to secure than electronic records in some ways—you can't phish your way into a locked file cabinet—they also can't be encrypted. If a paper record is left out on a desk, there's little that can be done to prevent an unauthorized individual from reading it or even taking it. Papers can easily be misplaced or lost. They can be mixed up with another patient's records—or other unrelated papers—on a desk or be put back in the wrong file. And papers can all too easily fall unnoticed out of a file while being taken from one place to another.
Paper is still generated at multiple points, from new patient information forms to medical records that must be printed in part or whole if another provider's EHR system isn't interoperable. Keeping track of paper and ensuring it stays secure remains a challenge for privacy officers, but it can be managed through sound policies and alert staff.
Medical records that exist only on paper and are not digitized will be kept in a folder system. Staff may need access to these records for reference or to make copies, Ruelas says. That means paper records can pass through many hands throughout their lifetime, leaving them vulnerable to simple breaches.
Despite the security headaches caused by electronic information, electronic files can be protected against casual viewing by unauthorized individuals through proper encryption. Paper has no such protection, Frank Ruelas, MBA, principal of HIPAA College in Casa Grande, Arizona, says. "Paper records, unlike electronic records, are immediately readable," he warns. "One doesn't need an electronic interface along with a login and passwords."
You also can't easily track paper and log how many people have looked at it. An electronic file may leave a trace even if it's deleted, but a missing paper won't be noticed until someone actually goes looking for it. "Unlike electronic systems, paper documents can be seen and taken by someone without leaving a trace," Kate Borten, CISSP, CISM, HCISSP, founder of The Marblehead Group in Marblehead, Massachusetts, says. And although electronic records are more likely to be involved in large-scale breaches, there can still be paper record breaches involving thousands of patients, she says.
This is an excerpt from a member only article. To read the article in its entirety, please login or subscribe to Briefings on HIPAA.
Related Products
Most Popular
- Articles
-
- CMS seeks comment on quality measures
- Practice the six rights of medication administration
- Don't forget the three checks in medication administration
- Note similarities and differences between HCPCS, CPT® codes
- Nursing responsibilities for managing pain
- ICD-10-CM coma, stroke codes require more specific documentation
- OB services: Coding inside and outside of the package
- Q&A: Primary, principal, and secondary diagnoses
- Clearing up the confusion: CPT codes 76376 and 76377
- CMS creates web portal for questions about 1135 waivers, PHE
- E-mailed
-
- Coronavirus vaccination: 4 best practices for communicating with patients
- Grievances, Complaints, and Patients’ Rights
- Including 46600 in E/M leveling systems
- How to get reimbursed for restorative nursing
- Five keys to creating a CHF disease management program
- Fetal non-stress tests represent important part of maternal and fetal health
- Coding, billing, and documentation tips for teaching physicians, interns, residents, and students
- Coding tip: Know how to correctly code each procedure an otolaryngologist can perform on turbinates
- Coding Clinic reiterates guidelines for provider documentation
- CMS creates web portal for questions about 1135 waivers, PHE
- Searched