Going high tech carries confidentiality risks
Convenience can have a high price
The psychiatrist was pleased when a technician complimented him on how he had talked a patient out of suicide the day before. Problem was, how did the tech know about the patient’s crisis? And how did he know how the psychiatrist had responded?
The core of the problem was the psychiatrist’s cell phone. The technician was sitting in the hospital using commonly available equipment to eavesdrop on cell phone calls in the area and heard every word of the confidential conversation.
Technological advances such as cell phones make life and work easier but, as the above incident proves, they also can make it more difficult to preserve patient confidentiality.
The cell phone incident is true, says Jill Callahan Dennis, JD, RRA, a principal with Health Risk Advantage, a consulting firm in Winfield, IL. And cell phones are just one of the advancements that require health information managers to have an intimate knowledge not just of what technology does, but how it works.
Some of the problems are not as obvious as cell phones, including what is called data remanence. In simple terms, data remanence is the availability of computerized data that you have already deleted.
Computer technicians understand the concept well, but typical computer users usually believe that "deleted" files are gone forever and thus pose no confidentiality problem. In fact, deleted files are still present on the computer disk or tape for some time, usually until the computer needs to overwrite the data because of space needs. Until that time, the data can be retrieved by anyone who knows how.
Large mainframe computer systems usually have safeguards against unauthorized access to data remanence, but personal computer systems usually do not. To the contrary, software is easily obtained to find data remanence on personal computer systems. The software is intended for legitimate use, such as when you accidentally delete a needed file, but Dennis warns that it easily can be misused.
On the other hand, you also can purchase software that specifically overwrites files that have been deleted. In general, however, Smith points out that there are more confidentiality risks with high-tech resources than solutions.
"There is some technology out that can protect computer systems from unauthorized access, but security systems are usually two or three steps behind the people who have learned how to beat the systems," says Paul English Smith, JD, vice president for legal services and risk management at Cabell Huntington (WV) Hospital. (For more tips on dealing with the problem, see story, above.)
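To make the data remanence point above concrete, here is an added example (not part of the original article): a constructed in-memory model of a disk, in Python, in which an ordinary delete only drops the directory entry while an overwrite-then-delete clears the stored bytes. The class, block size, file names and sample record are all assumptions made for illustration; real file systems are more complicated.

```python
BLOCK = 16  # bytes per block in this constructed model

class ToyDisk:
    """In-memory stand-in for a disk: raw blocks plus a directory of names."""

    def __init__(self, nblocks=8):
        self.blocks = bytearray(BLOCK * nblocks)
        self.directory = {}                 # name -> list of block numbers
        self.free = list(range(nblocks))    # unallocated block numbers

    def write(self, name, data):
        need = -(-len(data) // BLOCK)       # ceiling division
        if need > len(self.free):
            raise OSError("disk full")
        used = [self.free.pop(0) for _ in range(need)]
        for i, b in enumerate(used):
            chunk = data[i * BLOCK:(i + 1) * BLOCK]
            self.blocks[b * BLOCK:b * BLOCK + len(chunk)] = chunk
        self.directory[name] = used

    def delete(self, name):
        # Ordinary delete: forget the name, leave the stored bytes alone.
        self.free = sorted(self.free + self.directory.pop(name))

    def wipe(self, name):
        # Overwrite every block of the file with zeros, then delete it.
        for b in self.directory[name]:
            self.blocks[b * BLOCK:(b + 1) * BLOCK] = bytes(BLOCK)
        self.delete(name)

    def residue(self):
        # Non-zero bytes still sitting in unallocated blocks.
        raw = b"".join(bytes(self.blocks[b * BLOCK:(b + 1) * BLOCK])
                       for b in self.free)
        return raw.strip(b"\0")

NOTE = b"Pt J. Doe: crisis call 3pm"   # constructed sample record

def residue_after(method, reuse=b""):
    """Store NOTE, remove it with 'delete' or 'wipe', optionally write a new
    file afterwards, and return what is left in free space."""
    disk = ToyDisk()
    disk.write("note.txt", NOTE)
    getattr(disk, method)("note.txt")
    if reuse:
        disk.write("memo.txt", reuse)
    return disk.residue()
```

After a plain delete the whole record is still in free space, and a later file that reuses one block removes only part of it; only the overwrite leaves nothing behind.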
Smith also points out that skulduggery is not always necessary to breach confidentiality. In many cases, authorized computer users can inadvertently access confidential patient information with a misplaced cursor or accidental keystroke.
Another problem that can be overlooked is the use of computer hardware by several people. A confidentiality breach is simple if data are not protected in some way from the next person who sits down at the keyboard. But because the data can remain even after seemingly being deleted, shared computer hardware poses special problems, Smith notes.
If a computer, or even just the hard drive, is moved from one office to another within your facility because of repairs, upgrades, or expansions, confidential data may go with it.
"Laptops are a great example of how that happens," Smith says. "People share them, and there’s no telling what sort of confidential information is still on the computer when someone else takes it."
Many of the same confidentiality breaches can occur with audio and videotapes, Dennis points out. Many of the same remedies will work.
Also use caution when sending hardware out for repair or when it is sold or traded. Remember that simply deleting the files does not mean the new owner will not be able to pull up a wealth of confidential information. Take the proper steps to wipe the system clean of confidential files before letting it go.
The proliferation of voice mail also poses a threat to confidentiality. Dennis warns against relying too much on voice mail and answering machines because, as she points out, everyone has gotten a stranger’s message at some point. When using voice mail and answering machines, first double-check the phone number before calling.
When leaving a message, Dennis suggests being circumspect and never leaving confidential information on the system. An example might be, "This is Dr. Smith’s office with a message for Mr. Jones. Your test results are in. Please call us."
Dennis also warns against careless use of e-mail. Though convenient, e-mail usually does not offer complete privacy. And be sure to practice safe fax. Most health care facilities now employ cover sheets warning that the information is confidential, and many require the destination fax number be confirmed before sending the document.
And as the psychiatrist mentioned at the beginning of this story learned, "People do listen in to your cell phone calls," stresses Dennis. "It used to be that people just eavesdropped on police radio calls, but now every cell phone [conversation] in the area is up for grabs."
This can be a particular problem because many doctors dictate patient notes, operative reports, and discharge summaries on cell phones while driving home from the hospital. That can mean complete patient identification and personal information are being broadcast on the airwaves.
Smith uses an inexpensive radio frequency scanner to make this point when he gives presentations on the threats to confidentiality from high-tech devices.
"I pull out the scanner and let people listen to what’s going on around us. I tell them this is how easy it is," Smith says. "We’ve even listened in on an FBI agent using a cell phone to check his confidential voice mail."
Smith points out that the same problem is posed by wireless telephones in the home or office. Smith and the hospital’s medical staff leaders remind physicians that most telephone communications are not secure and discourage them from phoning in dictation.
Dennis acknowledges that cell phones are tremendous aids to health professionals, but she says they should be aware of the risks and how to best minimize them.
One option is to inform the patient that the call is being placed on a cell phone and offer to call later if the patient wants more confidentiality.
"That way the patient has some choice in the matter," Dennis says.