Technology has been a boon to the medical field. Putting patients' records on computers has streamlined record keeping in hospitals and physicians' offices, with old-fashioned paper files taking a back seat.
But that technology has also made it easier for the wrong people to access health records that should be kept secret.
New rules about medical privacy are being scrutinized by the Obama administration. One of the areas of dispute is at what point doctors, hospitals and insurance companies must tell patients about disclosure of information in their medical records. Such breaches have become more frequent, especially in the area of celebrities' records.
Across the nation, curious hospital employees have accessed the private records of sports stars and other celebrities.
"We take privacy very seriously," said Jannine Amato, the Health Insurance Portability and Accountability Act (HIPAA) coordinator for Mercy Medical Center.
Amato said the hospital does frequent auditing of all medical records, and can tell if anyone has looked at a patient's file.
"Employees only have electronic access based on their job function," Amato said. For instance, a clerk on the fifth floor of the hospital can't look at the records of an intensive care patient on the third floor.
If a file at Mercy is accessed improperly, the hospital must report both to the state and to the federal government.
"There are certain criteria that we look at, such as if it was harmful to the patient," Amato said.
Patients are also informed if their records have been violated, Amato said.
Joe Lombardi, vice president of human resources and the facility privacy officer at Mercy, said employees can be severely penalized if they access files they shouldn't.
"Depending on the severity, it could be up to and including termination," Lombardi said.
A few years ago, a computer thumb drive with patient information was found in the parking lot at Mercy. All the patients whose records were on that drive were informed of the breach, Lombardi said.
If a patient's records are breached, both the hospital and the employee who looked at the file may be subject to fines. In California, a spokesman for the State Department of Public Health said officials had substantiated 2,093 violations of medical privacy in the last 20 months. The department imposed $1.1 million in fines on six hospitals and is still investigating hundreds of cases.
Employees at Mercy have also been educated about what they can or cannot put on social media sites such as Facebook.
"Our parent company has social media guidelines," Amato said. "They stay on top of it, and so do we."
Reporter Carol Reiter can be reached at (209) 385-2486 or creiter@mercedsun-star.com.
E-Mail
Print
