Kill your fax machine (redux) and watch out for HIPAA violations
Today, noted medical informatics professor and professional Dr. Bill Hersh had this exchange on Twitter with his daughter, a new medical student.
MT “@AlyssaHersh: Just sent a fax for the first time in my life. The pains of having paper charts instead of EHRs, right @williamhersh?” YES
— Bill Hersh (@williamhersh) January 13, 2014
Later today, I stopped to pick up my mail in this multi-unit building and saw this sticking out of someone else’s mailbox.
That’s right, it’s a “personal and confidential” letter from Quest Diagnostics, presumably either medical test results or a bill. Either way, it’s a HIPAA violation waiting to happen. In fact, it’s probably already a HIPAA violation because people now know what lab this person used. The envelope is hanging out of this mailbox because it was misdelivered and whoever got it by accident placed it there for the intended recipient. But who’s to say it does wind up in the right hands before someone opens it?
Anyone who thinks paper is still a safeguard against privacy and security breaches, raise your hand. (Crickets.) Sure, electronic transmissions can be intercepted and databases hacked, but if you take the time to encrypt them, you lessen the risk. And should there be a breach, the audit trail that HIPAA requires can help investigators pinpoint the culprit and create a disincentive for employees to leak data.
As for the fax, it’s sadly ironic that a twentysomething is encountering a fax machine for the first time when she enters a healthcare environment. Kill your fax machine! It’s 2014. Why are we still using 1980s technology to transfer health information?