Patient Confidentiality and the Clinical Documentation

Breaches in patient data by the clinical documentation industry shine an uncomfortable light on the industry and when stories surface (Slip puts Patient data on the Internet) of lapses in security relating to a transcription company they should be a wake up call to all the participants in the production of clinical documentation (read medical transcription companies, transcription editors, technology and infrastructure providers etc).

In this instance the patient was seen by Northeast Orthopedics in NY and they outsource their transcription to MRecord based on Raleigh NC who offer both technology and outsourced transcription solutions. Northeast Orthopedics rightly posts a letter on their web site (Letter to our Patients Regarding Patient Confidentiality) getting front of the issue, notifying their patients of the possible breach, apologizing and providing contact information for anyone who has a concern. But surprisingly there is no statement on the web MRecord web site regarding the security breach and while I could find some legal notices they were all about the protection of their solution and usage and nothing regarding the security breach......I suspect no plan in place for dealing with such an issue and a lock down the hatches mentality that often permeates when such mistakes happen.

Like every advancement in the history of mankind it can have good and bad uses. The internet is no exception. I am sure most of us would find it hard to imagine our business and personal lives without the ready access to information. Those weighty tomes - Yellow Pages were relegated to the recycling bin in our house (after passing through a quick session on learning how to tear them in half) once we realized that searching the internet was faster and more relevant. But that same relevance and ease of searching provides instant access to everyone on for all sorts of information. In this instance it was a chance finding on the part of a relative searching for condolence messages for her deceased daughter.

So if your belief is that your security and confidentiality is fine in part because no one would be interested in the data your company deals with - think again. The internet is a great leveler - it only takes one person and that information can then be instantly available to everyone else on the internet. Google just makes that even easier with its constant searching and compiling of information on the internet.

In the medical documentation industry we are dealing with confidential data every day - imagine this was your data and treat it accordingly. Use this as a wake up call to review your security and data practices and take the time to prepare a PR Disaster plan with the expectation that you will never need it.

How is your security? Have you ever had a breach or seen a breach and if so what was your feeling about it?