A Breach Can Be a Dose of Good Medicine

Are you among the lucky healthcare providers who have never experienced a breach of Protected Health Information (PHI)?  Having gone without a breach could provide a great sense of confidence that you are running your organization in a secure and well-organized way. However, are you absolutely sure about that? Statistics show that you are probably kidding yourself if you think you haven’t had a breach of some kind.

There are several types of breaches that occur, here are some examples from the breach log of the OCR (Office of Civil Rights). Throughout the daily workflow of patient care, a breach can occur with remarkable frequency.  Breaches can happen in several ways, here are some common situations in which they can occur.

  1. Giving a patient a visit summary belonging to another patient.
  2. Sending a fax or email to the wrong recipient.
  3. Mailing an entire medical record, or part of to the wrong patient.
  4. Having computer monitors positioned in a way that PHI can be read by patients or visitors to your facility.
  5. Having a device stolen that was used for accessing or storing PHI.
  6. Disposing of PHI in the trash instead of a shred box.
  7. Sending a text message or email containing PHI without reasonable safeguards in place.
  8. Employees disclosing PHI to friends or family.
  9. Being less than circumspect when discussing patient information in the presence of others.
  10. Having a computer monitor not set to properly time-out when not in use.

As you can see, breaches can be as simple as the mentioned situations listed above. Not all breaches are huge, multi-patient ones with high-stakes. They can be simple and small, but they are still considered breaches! Regardless if you may think they don’t happen to your organization they probably do, despite your best efforts.  Even with all the training, care, concern and dedication in the world, it does not make people perfect. People make mistakes and those mistakes can be costly!

So, How is a Breach “Good Medicine”?

Charles Parkhurst famously stated once, “It is not often that joy reaches so deep a place in men’s hearts as sorrow does.  Defeat touches men in a way that victory does not.”

A breach can be a dose of good medicine when used as a learning opportunity. “I’ll never do that again!” is a perfect phrase that shows how when a person makes an error, recognizes the error and then corrects it, leads to the probability of a recurrence being greatly diminished.

What about the OCR?

Do you think the OCR believes that a breach has never occurred in a practice?  Probably not. Subsequently, how would a practice be viewed that has the occasional breach, recognizes it, reports it, and then takes corrective action? They would be viewed as in the least, honest, responsible, and attentive. In some ways, breach discovery, reporting, and mitigation can be good medicine by inoculating your practice against skepticism in the event of an audit.

Breaches are something that can occur from time to time, there should always be precautions in place for their prevention. Never should a breach occur on purpose. If one does occur, give it the respect it deserves. Recognize it, report it, take corrective actions and of course, learn from it!

 

Return to the Home Page