Guidelines on Patient Information

Making information accessible … but not too accessible

For healthcare providers, having access to patient information is absolutely critical. (This is part of the reason that interoperability has become such a big talking point over the past several years.)

It’s a good thing to allow patients to have access to their own health information … but not so much access that they can see others’ information. And it’s important to have a backup plan if your primary source of information fails due to a cyberattack, a computer malfunction, or even a natural disaster.

This fine line between privacy and accessibility was addressed in three recent articles.

Appropriately accessible to patients

More hospitals are now able to make personal healthcare information available to their patients, according to a recent study from the Office of the National Coordinator for Health IT (http://www.healthcaredive.com/news/electronic-health-information-available-at-a-hospital-near-you/426252/).

Making this information available seems like it should be a no-brainer … or at least not a new concept. But according to the study, in 2012, just 24 percent of hospitals were able to provide health information to patients in a digital format, and an even more limited 10 percent could offer patients the ability to not just view, but download and transmit information electronically.

Just three years later in 2015, 95 percent of hospitals offered patients information digitally and 69 percent allowed patients to view, download, and transmit information — a substantial increase.

This is very good news for healthcare consumers and a step in the right direction toward interoperability.

Backed up in case of emergency

There’s been a lot of attention paid lately to the increasing number of cyberattacks on healthcare IT systems and how to prevent them from happening.

But if one does happen at your facility, are you prepared with some sort of backup plan?

A recent article in Bloomberg BNA (http://www.bna.com/hospitals-lowtech-defense-n73014446065/) highlights one solution that Boston Children’s Hospital has implemented.

It’s a “crash cart” with, yes, paper forms and directions for everything that the facility would need to keep operating in case of an IT outage, malfunction, natural disaster, or even a cyberattack.

According to Dan Nigrin, chief information officer at the hospital, this low-tech solution offers peace of mind to the facility’s staff and administration.

“Hospitals are starting to recognize that this is something they need to plan for,” he said in the article. “We’re moving to automate more processes to realize efficiencies, so there’s real risk if those systems are taken away.” 

But not in plain sight

However, there is a downside to having paper copies of records — visual hacking.

What’s visual hacking? It’s quite simply having sensitive data in a place where someone who shouldn’t be able to see that information can see it — such as on a desk or on a computer screen that’s easily visible.

What’s scary about this is that in a recent experiment conducted by the Ponemon Institute, 91 percent of attempts to gather information through visual hacking were successful. And visual hacking attacks are nearly impossible to detect.

“Visual hacking flies under the radar and tends to be overlooked,” said Kate Borten, a member of the Visual Privacy Advisory Council (http://www.healthcareitnews.com/news/privacy-expert-shares-tips-preventing-visual-hacking).

So how can you prevent this from happening? The answer is quite simple, actually — don’t leave sensitive information in potential high-traffic areas. Where is your fax machine? Your paper shredder? Your recycling bin? Are your receptionists’ computer screens visible to patients?

Take a walk around your office to see where you may have vulnerabilities. Solving these issues should be relatively easy and will help make your facility more secure.
