As we are pushed to put all of our medical records in electronic form, we open ourselves up to new issues.
This headline is what we can expect to see more of in the future:
GE Healthcare Admits Sending NHS Patient Data To US
NHS IT Provider says 600,000 patients have no need to worry
Whoops. I especially like the “no need to worry” statement.
As our records become electronic, more mishaps will occur.
The last bit of the above-mentioned article goes on to add these confidence-building statements:
“The ICO has previously labelled the NHS as the worst offender of data breaches in the UK…”
The NHS is the National Health Service.
“However the warnings were evidently not heeded and didn’t stop the Surrey and Sussex Healthcare NHS Trust from losing the confidential records of 800 patients on an unencrypted USB stick in October last year.”
Right now in the USA, we have a big hoo-haw going on with how some GSA staff members (bureaucrats) have been having all sorts of fun on taxpayer money. Typically the repercussions to a government bureaucrat of screwing up are minimal…so they don’t seem to care much if they screw up. If the UK is any example of what would come if we allow all medical records to be assimilated in giant databases, then look out.
What is a Doc to Do?
I’m all about risk reduction. So that you don’t get embarrassed by a breach, or worse, fined AND embarrassed, you need to make sure your office operates in a HIPAA-compliant manner. Many of you think you already do…and most of you are wrong.
Especially if you have recently stood up an EHR, you need to approach this as if you are not compliant (even if you think you are), and take a good hard look at your situation to see where you really stand.