CINCINNATI, Jun 14, 2010 — According to the 2010 Healthcare Information and Management Systems Society (HIMSS) Analytics Report: Security of Patient Data, the number of healthcare organizations that reported a breach in data security increased by 6 percent in 2010, totaling 19 percent. As more healthcare organizations migrate to electronic medical records (EMRs), it’s important to take the proper steps to reduce risk and prevent medical liability suits. In conjunction with Healthcare Risk Management Week taking place June 14-18, Cintas today issued top tips to help healthcare organizations protect the privacy and security of health information while remaining compliant with government standards using EMRs.
Cintas’ tips for maintaining secure and compliant EMRs include:
1. Collaboration. The most successful, secure medical healthcare record programs are the result of a collaborative process. Smaller healthcare organizations must include relevant senior staff members to develop and execute a successful program.
2. Digitize information. Digitizing healthcare records is the first step to ensure compliance with evolving industry regulations. By partnering with a vendor that provides secure document imaging and scanning services, physicians and clinicians will have real-time access to a patient’s entire medical history. Further, healthcare organizations will increase security through unique user identification to prevent unauthorized access and minimize risk of regulatory exposure, fines and penalties.
3. Create a strict security policy with password restrictions. Ensure authorized staff members have their own passwords and are unable to share. This will ensure an accurate audit trail if an incident is to occur. It’s also important to limit access to records. Create different levels of security based on the job functions of staff members. Only those working directly with the patient should have the ability to modify records.
4. Protect healthcare records throughout their entire lifecycle. Since medical records require long-term retention with a low volume of retrieval, it’s important to utilize a secure document management provider that has the capability to protect patient data information from the cradle to grave. By selecting a vendor that provides imaging, storage and shredding services, a healthcare organization can ensure both their electronic and physical medical records live in a secure environment and can be properly destroyed if required.
5. Train staff regarding proper documentation and retention practices. Incomplete and improper documentation and retention may lead to damaging financial and compliance issues. In addition, a staff member associated with improper documentation may be held liable in a malpractice case. To protect oneself, the organization and staff against allegations of negligent care and compliance violations, it’s important to provide continuous training to ensure that files are always complete, securely maintained and properly destroyed if required.
6. Have a disaster recovery program in place. Catastrophic events can and will take place. It is critical to ensure a hospital’s digital repository is backed up and can be recreated if necessary.