| Regardless of HIPAA’s recent impact on the business practices of the medical community, the secure storage and handling of patient-related information has always been an important consideration. Doctors have long protected patient records with locked cabinets, alarm systems and computer passwords. Not only are they committed to upholding the privacy of their patients, but also the loss of critical histories and treatments could seriously complicate, even threaten, the health of their patients in the future.
While HIPAA has been regarded by some as an over-reaction to a unsubstantiated threat, the intent of the legislation to apply security criteria in the "digital age" cannot be belittled. The Internet has, both organically and furtively, connected all of us to one another. It has with spy-like stealth brought us into one large community – a community complete with back alleys, dubious characters, and shady con artists. We can’t see the thieves coming toward us. We can’t match mug shots at the Post Office, and there are no weapons we can carry to inflict pain and injury as a means of defensive escape. To protect ourselves from hackers, crackers and spoofers, we must take a more sublime approach, one that may make us feel we are not doing all we can, but the best available to us: lock our digital doors.
We begin our security survey by understanding where all the doors are. They are everywhere, and yet are hard to find. And waiting to feel the intrusion of a digital breeze is not a good way to find an open doorway.
If you transfer dictation and transcription files with your doctors, there are several potential doors. If your doctors use telephone dictation systems, other doors appear. And if, heaven forbid, you use e-mail to transfer files, you’ve got a really large door to secure. Follow the path of dictation from doctor to you, then the transcribed file back to your doctor. Where along the way do you have open doors?
Telephones are very easy to compromise. The real potential for breaching your security is not from tapping your phone line – although that certainly is easy to do. The more sinister plot centers on the fact that you have a phone line going into your computer system (provided you are hosting your own telephone dictation system). A phone line into a computer instantly gives a skilled hacker an open door into your entire computer and local network.
Encrypting e-mail certainly is better than no encryption. However, you can’t encrypt the "header" of the e-mail. The "To," "From," and "Subject" are always visible. At least don’t allow your doctors to put patient names or file numbers in the subject. The other problem with e-mail is its lack of an audit trail: you don’t know the doctor sent you a voice dictation file unless you have received it. And vice versa.
Firewalls are great tools to employ whenever you have a computer network exposed to the outside world (via modem, cable or DSL), but they do require configuration, upgrades and constant vigilance as hackers find new ways of crashing the gates.
You can lock every digital door, however. It takes careful review and an understanding of computers, networks and encryption, but it can be done. The best choice, though, is to employ a workflow that reduces the number of doors as much as possible. Remove as much of the liability for possible security breaches from your operation. Teach everyone you work with how to protect information, and what the workflow protocols are. Use checklists and audits.
The alternative? How many transcription businesses could survive a lawsuit if one door was left open? Lock the doors, and don’t leave the keys lying out on the kitchen table. Find tools or services that remove as much of the liability as possible, while giving you the ability to efficiently service your clients.
|
