A new analysis (printed in JAMA) has emphasized just how commonly hospices are disposing of PHI in an unsafe way. Although the analysis was carried out in Canada, which isn’t protected by HIPAA, the outcomes emphasize the main area of PHI safety that is often ignored.
Incorrect Dumping of PHI is More Usual than Earlier Supposed
Scientists at St. Michael’s Hospice in Toronto examined reprocessed paperwork at 5 training hospices in Canada. Each of the 5 hospices had plans containing the safe removal of papers having PHI and distinct reprocessing containers were provided for usual documents and paperwork having confidential information. The latter was torn before removal.
In spite of the document removal plans, documents having personal health information (PHI) and personally identifiable information (PII) were repeatedly wrongly put in the baskets. The scientists recognized 2,867 papers having PII and 1,885 items having personally recognizable health info in the normal reprocessing baskets. 1,042 documents had highly sensitivity PII, 843 items had PII with medium sensitivity, and 802 had low confidential data.
821 items comprised summaries, clinical notes, as well as health reports, there were 385 rejected tags with patient identifiers openly noticeable, 345 billing forms, 340 analytical test outcomes, and 317 communications and requests having PII.
The analysis demonstrates that even with rules in place containing the correct removal of paper records, confidential information is still habitually disposed of in an unsafe way.
Wrong Removal of PHI in the U.S.
During February, 23% of the month’s medical data breaches concerned paper/film files. Those breaches affected 121,607 persons. During January 33% of the month’s data breaches concerned paper/film files. Those breaches affected 13,513 people.
On the whole, between January 1, 2010, and December 31, 2017, there were 514 healthcare data breaches concerning 500 or over paper files. Those breaches have affected 3,393,240 people.
Several secrecy events concerning paper files only impacted some patients and aren’t made public, therefore it’s difficult to decide precisely how many cases have happened and how many patients have been affected, even though the Canadian analysis indicates these kinds of breaches are extremely common.
To avoid these sorts of secrecy breaches, HIPAA protected units must carefully study their procedures, policies, and physical protections for PHI and reinforce controls as suitable.