September 21, 2016

Help Patients Better Understand How You Protect ePHI

Kira Caban

Patients most frequently interact with doctors, nurses, and allied health professionals, making it easy for them to forget about all of the other people involved in running a hospital. Among the many unseen activities that go on in healthcare, hospitals need teams to manage patient data, submit insurance billing, maintain legal compliance in clinical trials, and order medical supplies in order to operate properly. Compliance teams can work with patients to help them better understand how the healthcare organizations they visit monitor and protect their electronic protected health information (ePHI).


4 Reasons Why Your Data Security Strategy Matters to Patients

  1. Educating patients on your current security and privacy protocols (and those planned for the future) will increase trust in your health system. According to an Office of the National Coordinator for Health Information Technology (ONC) and University of Chicago report, over 50% of patients don’t trust their providers to keep their ePHI safe.
  2. Finding creative ways to engage patients with their healthcare has the potential to improve both patient care and health outcomes. Major developments in telehealth and online patient portals allow patients to engage with their providers and health data regardless of physical location, but fears about security or privacy could impede this engagement. Patients should be aware of what proper and improper use of ePHI involves. Additionally, this educational process provides another opportunity for building a relationship with your patient.
  3. Trust is the essential ingredient for any long-term provider-patient relationship. Creating a channel for patients to learn that security and privacy are key priorities for providers will solidify trust.
  4. If a breach occurs, patients will take some comfort from the knowledge that you have a plan in place and that they have a point of contact to assist them with the next appropriate steps to safeguard their information.

7 Tips to Guide Your Privacy-Related Communication with Patients

When creating content for your public-facing websites, signage within hospitals, and educational resources for your colleagues and staff, these tips will help you be efficient in your efforts. Additionally, the very effort of reviewing your communications strategy and reframing it in a way that is accessible to patients will clarify your approach to privacy and identify potential shortcomings in your system.

  1. Provide a point of contact. Have an email address and phone number for patients to use to ask specific questions on how your institution protects their data.
  2. Include information on how your online patient portal works. Be sure to discuss the security measures you have implemented to support it, and what appropriate access to records entails.
  3. Explain how data encryption works, what it means in the healthcare context, and why it’s important. Be sure to make the distinction between data at rest and data in transit, and explain how you protect against data interception.
  4. Review the Protenus Privacy Primer to see where your institution stands on its approach to privacy monitoring. Perhaps you have a proactive patient privacy analytics platform or maybe you have random audits. Wherever you stand, be up front so that patients understand the risks.  
  5. Share how you work with your employees to ensure that they are trained to properly access patient records. Share specifics on how often you conduct trainings to refresh your workforce’s knowledge of HIPAA and other privacy regulations.
  6. Explain your institution’s relationships with business associates (BAs), the business associate agreements you have implemented, and how you audit these agreements to make sure BAs are handling information responsibly.
  7. Provide direction on how patients should respond in the event of a data breach that involves sensitive ePHI such as social security numbers or Medicare numbers. Outline the services you plan to provide around identity theft protection to help protect affected patients from fraudulent use of information.

Sharing this information with patients will provide them with a better understanding of the issues and challenges associated with protecting patient privacy, as well as the extra steps your healthcare organization has taken to keep their sensitive data safe. Even more importantly, you’ll be able to solidify your role as a trustworthy organization, protecting patient data and ultimately providing better patient care.

To help your organization most effectively engage with patients, download our Proactive Privacy Analytics Primer now.
