The June 2015 Office of the National Coordinator (ONC) for Health Information Technology Data Brief marks the 27th time such a brief has been published by ONC. We thoroughly reviewed the data brief and want to share two important pieces of information that were discussed in the report that we think you and your organization may benefit from.
1. Most individuals are concerned with privacy and security
According to the ONC Data Brief "about 7 in 10 individuals express concerns about privacy and security." This number is slightly misleading because according to the report "less than one in 10 individuals has withheld information from their providers due to these concerns."
2. Unauthorized viewing of medical records shared between health care providers
"A majority of individuals nationwide also expressed concerns regarding unauthorized viewing of medical records when information is shared between health care providers." This was interesting considering medical information is often shared for treatment, payment and healthcare operations purposes; however, according to the report "in 2013 about 6 in 10 individuals expressed concerns about their provider sharing their health information with other providers."
The report concludes "in spite of potential concerns, a majority of individuals want their providers to use an EHR and to share appropriate medical information electronically with the individual's other health care providers."
What do these numbers tell us?
We need to understand that under HIPAA we have a responsibility to safeguard protected health information (PHI) and personally identifiable information (PII) and patients are becoming increasingly aware of it. Thanks to technology we can quickly access, modify, store, share, and delete information. Unfortunately, when we share information it can get into the wrong hands. This is why it is important to have policies and procedures in place that address privacy and security. By having sufficient policies and procedures in place, we can reasonably provide assurances to patients that we are going above and beyond to safeguard their information.
Likewise, we need to educate patients that their information may be shared with other providers for treatment purposes, and that their information will be shared safely by only those authorized to view that information; your Notice of Privacy Practices (NPP) should address these concerns. As long as everyone in the organization, who has access to PHI or PII follows your organization's privacy and security policies and procedures, then individuals' concerns should begin to dissipate as they see their information being properly handled and safeguarded.
If you have any questions about policies and procedures, need help developing policies and procedures, or have any other compliance questions, please feel free to comment below or send us an email at [email protected] or reach us by phone toll-free at 855-427-0427.