Chiropractors have been widely criticized for being slow to adopt Chiropractic EHR and other technologies. However, practitioners have unique concerns that need to be taken into account before implementing any new systems, perhaps the most important among them being patient data security.
Recently, Health IT Security spoke with Kimberly Gray, global chief privacy officer for a healthcare information services and technology company, who said that the push to adopt web based medical and chiropractic software has forced many providers to go back to the basics of making patient information security a top priority.
"You see a lot of HITECH reaction in healthcare [to improve patient privacy] and other industries focus on areas such as [bring your own device] and cloud while moving away from and losing sight of those privacy basics," Gray told the news source. "When talking about new technology, [we] need to get back to the fundamentals and healthcare has done well with that. Administrative, technical and physical security rolls off the tongue of healthcare security professionals because of HIPAA."
Transparency about how patient data is stored and used is key to ensuring that both providers and those they care for are on the same page. People need to know exactly what their doctor or chiropractor is entering into a system, as well as the security measures put in place, who else on staff may have access to it and how it can be used by the patients themselves for their own reference.
Gray added that practices and health systems may need to assess their corporate culture to be sure it's one that's conducive to proper use of electronically stored data. EHR users may do this by putting themselves in a patient's shoes, thinking about how they might feel if it were their diagnoses or treatment history being entered into a system. Another key to ensuring HIPAA compliance is to have solid protocol in place for EHR use, as well as educating all staff members on the rules.
Paper outlines problems and solutions to best protect patient information
A report titled "Protecting Patient Privacy and Data Security" was released earlier this year in the New England Journal of Medicine. It begins by recapping the incident in which Australian radio hosts prank-called the hospital at which Duchess Kate Middleton was staying, obtaining information by saying they were the Queen and Prince Charles. This highly publicized event brought patient privacy to the forefront of many healthcare providers' minds.
While it's unlikely that practitioners will encounter a problem quite like this one, it's actually not uncommon for people to call offices and misrepresent themselves in order to get billing information, using it for monetary gain. Preventing this kind of fraud, as well as data breaches in general, can be a role played by all parties involved – healthcare professionals, patients and insurers, according to the report.
"Patients can be important partners in protecting privacy and combating identity theft. Providers and insurers can help educate patients to protect themselves. The [Office of Inspector General] encourages health care providers to print multiple copies of the brochure it developed advising patients on ways to avoid falling prey to medical identity theft," the report states.