Did I get your attention? Good. You need to pay attention to this message because it not only shows vulnerability and lack of control but reinforces the need for strong governance over records and emphasizes just how much of a positive impact moving to an all digital patient records model will provide.
I am sitting here eating lunch and reading an article on the Boston Globe Website titled “Patient files left at public dump”. According to this article, a Globe photographer had gone to the Georgetown Transfer Station to drop his trash when he noticed a pile of paper estimated to be 20 feet wide by 20 feet long and wondered why it was not being recycled. When he looked closer at the contents in this pile, he discovered the un-shredded documents were in fact medical records that contained names, addresses, test results, Health Insurance information and even Social Security numbers. In all, it appears that four hospitals are impacted by this event and the Massachusetts Attorney General is investigating to see if there was a “data breach”. The hospitals claim they transferred the information to contracted pathologists who used a medical billing firm who then disposed of the information by placing at the dump where the Globe photographer found it.
In my view, this is a definite breach and one that should have been reported the Health and Human Services in accordance with their 2009 Breach Notification Rule. It is also another example of how difficult it is to manage sensitive information appropriately when controls over the chain of custody and lack of proper governance are nonexistent. In this same scenario, using a well established ECM environment with records, process, and security management technologies in place, these organizations may have gained better control over the information and the transition from entity to entity could have been monitored and tracked more efficiently. I am not saying it would be perfect, I am saying it would definitely be better and if anything were to be found at the dump, it would be digital storage devices that can also be encrypted preventing unauthorized access to the information. Let’s go digital but let’s make sure it is all tied together.
What say you? Do you have a story to tell? What are your thoughts on this topic? What is on your mind? Do you have a topic of interest you would like discussed in this forum? Let me know.
Bob Larrivee, Director and Industry Advisor – AIIM
Email me: firstname.lastname@example.org
Follow me on Twitter – BobLarrivee
#patientrecords #ElectronicRecordsManagement #process #records #informationsecuritygovernance #landfill #content #breach #governance