I recently spent quite a bit of time on a med-surg floor and was shocked to hear medical staff discussing patients by name while standing in the hallway. Contrast this with the hypervigilance that is brought to bear by medical administrators and vendors attempting to go by the letter of the law regarding protecting patient health information.
NEMT still receives emails from clients containing identifying demographic data on patients. Even an immediate response pointing out the impropriety often seems not to be understood. And then we have the cyberhacking phenomenon, which appears to be accelerating at a significant rate.
An article from the Institute of Critical Infrastructure Technology entitled Hacking Healthcare IT in 2016 states “Since 2009, the annual number of cyber-attacks against the healthcare sector has drastically increased; often the number of attacks exceeds the previous year’s count by at least 40%.”
So, why the disconnect with folks sitting behind a desk sending PHI in an unsecured email and hospital personnel discussing PHI within earshot of others? I don’t know the answer to that question, but better and clearer communication might be the start of a solution.