RECMGMT-L Archives

Records Management

RECMGMT-L@LISTSERV.IGGURU.US

Subject:
From: Larry Medina <[log in to unmask]>
Reply To: Records Management Program <[log in to unmask]>
Date: Wed, 11 Feb 2015 11:43:50 -0800

On Tue, Feb 10, 2015 at 7:41 PM, PeterK <[log in to unmask]> wrote:

> In October 2014, four boxes containing the records of 12,500
> Philadelphia-based Independence Blue Cross members were accidentally tossed
> in the trash by maintenance staff, instead of being relocated to another
> floor as intended. The team initially believed the boxes had been shipped
> to one of Independence’s off-site storage facilities, but learned of the
> error on Nov. 14. Names, addresses, phone numbers, physician names, health
> care plans and group numbers were included in the dumped documents, as were
> 8,800 members’ Social Security numbers. Independence’s member numbers are
> comprised of a person’s Social Security number and a two-digit suffix.
>

Sadly, like many of these articles calling 'paper risky', there are a lot
of holes in the story. The problem isn't 'paper health records', it's a
failure to effectively manage the information contained in them.

 “We are also reminding all associates of our existing policies and the
appropriate safety precautions to take when discarding reports that contain
member information or other sensitive and proprietary information.”

REMINDING THEM?  It's part of their JOB... they should all be required to
be HIPAA trained and Certified, if they're handling PHI.  Everyone should
be.

Also, this statistic is a bit misleading:

"... 68% of all reported health care breaches posted on the HHS website
were a result of loss or theft, while only 23% were due to cyberhacking."

I think this addresses ALL incidents as a single occurrence, however, as
everyone is aware, ONE CYBER BREACH in that 23% (like the recent Blue
Cross, or the recent past TRICARE ones) can expose millions of records...
so while 68% may be related to non-cyber, those (for the most part) are
individual incidents of exposure.

"...75% of respondents said employee negligence is their biggest concern.
The problem, he says, is the relatively unfettered access many employees
have to information they don’t need, such as Social Security numbers, and
the accumulation of old records that the company doesn’t need to keep
anymore."

DHHS makes the rules for training of employees and securing medical records
quite clear- and there should be NO 'unfettered access' to any medical
records, it should all be based on a need to know only.  ANYTHING that
includes SSNs should NEVER be available to anyone who doesn't require
access.

And 'old records' shouldn't exist. Organizations should have records
retention programs that clearly identify the required retention times for
records and ensure records that have met their retention are disposed of by
the appropriate means for the information contained in them.

And there was more.  I responded to the writer and gave him some food for
thought from an RIM perspective, and if people DON'T DO THIS when articles
like this come out, it's a disservice to those of us who have dedicated our
careers to the proper management of Records and Information, regardless of
form or format.
-- 
Larry
[log in to unmask]



Lawrence J. Medina
Danville, CA
RIM Professional since 1972

List archives at http://lists.ufl.edu/archives/recmgmt-l.html