The Importance of Computer Security Training for Medical Clinics


Tech & Health Care

Computerized machines can now see deep within the human body to detect illnesses that may have been missed in the past. Computer programs now make it easy to access a patient’s medical history without needing to go looking for their charts within a file cabinet. Doctors can conference with other doctors and even patients from across states and countries. Surgeries can even be performed remotely using robots controlled by human hands over the Internet.

With technology making up so much of our lives, the state of privacy - especially in regard to patient records and information - is an important concern for doctors and patients alike. Computer security training for medical clinics can be the deciding factor between information that stays with the hospital and information that gets into unwanted hands. Furthermore, hospitals not adhering to proper computer security procedures could be breaking the law.

HIPAA

We all have concerns in regard to our privacy, both online and off. However, as we become more and more used to technology and online access, that privacy seems to be blurred. For example, many people feel extremely comfortable with sharing their personal information online, such as addresses, phone numbers, birth dates, etc. Add to this the current lack of security in major organizations and it seems as though we’re opening the door to an invasion.

In the field of health care, lack of security training by hospitals and clinics for their staff can be as detrimental as just leaving a patient’s file folder open for everyone to see. Medical clinics and hospitals hold a huge base of information on their patients - name, address, social security number, medical record number, medical history, payment history (if applicable) and more. This is where HIPAA comes in.

HIPAA stands for the Health Insurance Portability and Accountability Act, which was started by the US Dept. of Health and Human Services for the purpose of setting requirements and standards in regard to the transmission of health care information. The goal is to protect security and confidentiality of electronic information in regard to patient records. And while this is set in place to make sure that patient information is protected, there of course are issues with this.

Types of Concerns

The number one issue is that hackers could penetrate a hospital’s computer system. This concern has been in the news lately, thanks to data breaches at other businesses and companies, and the potential wealth of information for thieves is huge. However, another major concern is with employees themselves. Many cases of computers getting viruses or malware are attributed to users who click on or download something on their computers, open infected emails, or even bring in viruses from their own infected computers.

This is where training becomes essential, to teach employees not only how to use their software but also how to keep what they are recording confidential. There’s also the case of patients themselves. I was a telephone operator in a major hospital and was quite surprised at how many patients would routinely spout off their medical record number or social security number to me before I had even finished speaking. This was mainly due to the fact that they assumed their call went to their chosen clinic, which it did not.

Addressing Security Problems

Both hospitals and clinics shouldn’t just rely on HIPAA to help keep information private. While complying with HIPAA is mandatory for any individual or business that works in health care or the medical field, it’s important that everyone understands their role in regard to this.

Train employees both on the software and in regard to confidentiality. This needs to be done for anyone that handles private information, from the telephone operators to medical records to the doctors themselves.

Pay special attention if you have DNA patients. DNA stands for ‘do not announce’ and this is reserved for patients that are hidden from public view. Mostly used for patients on the psych ward, this will usually include patients who have been involved in crimes, patients who have been attacked by other family members, and of course, celebrities. Employees should be trained to never announce these patients over the phone; this even includes the nurses at the floor’s nurses station. Oftentimes, it may be the nurses who transfer these calls, which alerts people that the DNA patient is indeed in that particular hospital. Instead, train staff to only accept visitors on an ID basis; basically, if the visitor does not have a badge or ID, they are not allowed to see the patient.

Don’t rely completely on technology. While it may be easy to move your files to a computer or even a cloud service, technology is still changing and there are bound to be issues. Servers can crash and, while not common, the cloud can even go down. One man had seven years of information erased when his Google account was shut down. It’s best if you still retain physical files; however, keep them in another building or off-site location that is also secured.

Patient Concerns

If possible, speak to patients in regard to your online records and access. Many will of course wonder about security; it’s important that doctors or employees are able to respond in kind, as well as reminding patients that they themselves can keep their information private by not sharing it with others unless they are treated. If your hospital has an automated directory or uses operators to direct callers, remind patients to be sure of who they speak to before giving out information.

If patients wonder if their doctors can keep quiet about their information, they needn’t fear. In a 2010 poll in regard to merging health information to the online world at large, 71% were either concerned or very concerned at the privacy issues that would arise; this was especially true for those that work within mental health facilities. Only 63% said they wouldn’t be comfortable recording information electronically, while 83% said that if they were patients, they wouldn’t want other providers to view their mental health records.

While the technology is still growing, there’s still a lot to be learned and to be avoided before complete online health records really take off.

References

Electronic Health Records: Concerns about Potential Privacy Breaches Remains an Issue from Science Daily, https://www.sciencedaily.com/releases/2009/12/091215121047.htm

What Are Common Privacy Policies for Medical Billing & Coding, https://www.medicalbillingandcoding.org/what-are-common-privacy-policies-for-medical-billing-and-coding/
