Privacy cracks can happen in unexpected ways. New tools can avert costly slipups
A patient e-mails your hospital for directions to the outpatient department. Not much of a Health Insurance Portability and Accountability Act issue there, right? What if he also writes that the visit is to discuss his HIV test results?
For large health systems with sophisticated systems to secure electronic files and communications, such an exchange may not pose a problem. "The challenge we have in health care is, what about everybody else?" says Bill Crounse, M.D., director of provider business for Microsoft Corp. "Eighty percent of health care is delivered in settings that aren't large integrated systems."
HIPAA requires that hospital risk managers, IT directors and others who handle health information--including e-mail and instant messages--apply reasonable and appropriate safeguards to protect against disclosure.
The law sets stiff penalties for infractions. It has been a daunting task that's kept many providers from using the efficiency of e-mail to communicate with patients. Now, technology that prevents breaches of privacy without bogging down communications and workflow is becoming more available.
Winona (Minn.) Health uses an "e-visit" software module from Cerner Corp., Kansas City, Mo., that allows patients to log on to a secure Web site to communicate with their doctors. Others use encryption programs to secure e-mail, such as a program from Eastman Kodak Co.; group purchasing firm Consorta Inc.,
Microsoft says its newest e-mail offering, Outlook 2007, will allow users to put postmarks and expiration dates on e-mails and it can restrict e-mails from being forwarded or printed.
St. Peter's Hospital,
"We have filters in place to monitor e-mail activity--who's sending what and where they're sending it," says Daniel Sullivan, director of information services. "But if you're asking me if we're 100 percent sure nothing left the building, I can't go there."
Until recently, tools that meet HIPAA's privacy requirements have been clumsy and difficult to use. But tech advances now make it easy to manage e-mail communication transparently, says David Smith, a senior compliance analyst with Symantec Corp., the Cupertino, Calif., provider of security products such as Norton AntiVirus.
"Transparency has been the real dragon to slay. If the user has to take even one additional step, such as encrypting a message, it just didn't happen," he says. "Now it's built into these technologies and the user may not even know it's there."
~~~~~~~~
By Richard Haugh
No comments:
Post a Comment