Q. I still use paper records, for the most part; what do I need to know about stolen records?
A. This question is timely. According to a study reported by the Ponemon Institute in September 2013, “… it is expected that 1.84 million adult-aged Americans or close family members at some point in time became victims of medical identity theft.”
Even with safeguards – as seen with the recent Target and Heartbleed hacking incidents – a person’s identity isn’t necessarily safe. And electronic medical records aren’t immune.
Last year in Texas, someone stole two laptops containing medical records of more than 700,000 patients, according to an online report. And last January, a document containing information on 191 patients was stolen from a hospital employee’s car during a stop on the way to work. The document contained patient names, dates of birth, medical record numbers and reasons for hospital visits, according to this website.
To protect yourself and your patients, ProAssurance risk management consultants recommend:
- File a police report. If possible, contact the patient to obtain permission to do so, since though the record is yours, the information within is protected patient information.
- Notify the patient that personal health information and personal identification information was stolen. Also, note this as a HIPAA-unauthorized disclosure as the medical record is being re-created.
- Clearly note in the file that the medical record is being re-created.
- Contact your general liability insurance company and explain the theft.
- If the patient steals the medical record, file a police report. Call the patient to ask that the record be immediately returned, and note in the file the day and time the record was returned. If the patient does not return the record, document this as well.
- Ensure that employees/office staff have signed confidentiality agreements that reiterate the importance of patient confidentiality.
- Establish clear safeguards and protections for records that may be transported physically from one location to another, and ensure staff is aware of and understands those safeguards and protections.
- Encrypt/password protect laptops, emails and other electronic means of communication whereby protected medical information may be housed/transmitted.
Physicians insured by ProAssurance may contact our Risk Management department for prompt answers to liability questions by calling (800) 292-1036 or via email.