Due to stringent laws protecting sensitive medical information, hospitals and other healthcare providers are scrambling to address their security shortfalls as well. HIPAA, HITECH, and other regulations have forced organizations everywhere to reexamine their healthcare document management and security measures. Failure to safeguard Protected Health Information (PHI) could result in being listed on the infamous data breach “wall of shame.”
But even the most secure fortress has internal security threats. Printers and queues should be configured to prevent unauthorized users from viewing queued print jobs. Enterprise output management software simplifies configuration tasks while providing administrators powerful audit tools to detect and deter unauthorized document access. The saying “trust but verify” definitely applies to healthcare information.
Perhaps the easiest document to protect is the one never printed in the first place. Instead of distributing a print job to a user’s nearest printer, a company can distribute access to a protected electronic copy via an email link. By requiring users to “view first then print” or “view instead of print,” IT organizations can electronically track document access while reducing the cost of paper and other consumables.
Breaches of privacy and confidentiality not only may affect a person’s dignity, but can cause harm. When personally identifiable health information, for example, is disclosed to an employer, insurer, or family member, it can result in stigma, embarrassment, and discrimination. Thus, without some assurance of privacy, people may be reluctant to provide candid and complete disclosures of sensitive information even to their physicians. Ensuring privacy can promote more effective communication between physician and patient, which is essential for quality of care, enhanced autonomy, and preventing economic harm, embarrassment, and discrimination. However, it should also be noted that perceptions of privacy vary among individuals and various groups. Data that are considered intensely private by one person may not be by others.
American society places a high value on individual rights, personal choice, and a private sphere protected from intrusion. Medical records can include some of the most intimate details about a person’s life. They document a patient’s physical and mental health, and can include information on social behaviors, personal relationships, and financial status. Accordingly, surveys show that medical privacy is a major concern for many Americans.
In a 1999 survey of consumer attitudes toward health privacy, three out of four people reported that they had significant concerns about the privacy and confidentiality of their medical records. In a more recent survey, conducted in 2005 after the implementation of the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule, 67 percent of respondents still said they were concerned about the privacy of their medical records, suggesting that the Privacy Rule had not effectively alleviated public concern about health privacy. Ethnic and racial minorities showed the greatest concern among the respondents. Moreover, the survey showed that many consumers were unfamiliar with the HIPAA privacy protections. Only 59 percent of respondents recalled receiving a HIPAA privacy notice, and only 27 percent believed they had more rights than they had before receiving the notice. One out of eight respondents also admitted to engaging in behaviors intended to protect their privacy, even at the expense of risking dangerous health effects. These behaviors included lying to their doctors about symptoms or behaviors, refusing to provide information or providing inaccurate information, paying out of pocket for care that is covered by insurance, and avoiding care altogether.
Document security measures are no longer a luxury, but a necessity. Leveraging the secure printing capabilities of a true enterprise-class output management solution can help healthcare providers safeguard their patients’ PHI… and their own reputations.