Information Governance | IG Policy
Every day we hear stories in the news about individuals whose personal information was compromised. Of particular concern is when this happens in a health care setting. At the same time, our health care professionals are moving increasingly toward compliant electronic health records (EHRs). Today we’ll explore how both patients and doctors must work together, utilizing sound Information Governance | IG Policy, to protect the privacy of your health care records.
Health care organizations, from your local doctor’s office through to large medical institutions like hospitals, have moved toward storing all protected health care information (PHI) on compliant electronic health record (EHR) systems. From an efficiency point of view it’s great. You go to the doctor, they refer you to a specialist or order some tests, and everything is accessible (or at least easily transferable) to every member of your health care team. However, with all that information about both you and your health floating around the cyber world, it is imperative that measures are taken to protect it. Factor in patients who, with the use of a simple smartphone, are now emailing pictures and detailed descriptions of their ailments to their doctor, and you’ve got a recipe for disaster.
First and foremost, health care providers and organizations must use an information governance | IG policy to determine and differentiate between the types of records they are keeping and how they are kept. Using our example above, should a patient’s emailed photo of their infected right eye (what is labeled in the system as “patient distributed information,” or PDI) become part of the PHI? If so, how can organizations protect data that was sent using a handheld device any 12-year-old can access and operate these days?
Thankfully, information governance | IG policy strategies and programs already exist to help you safely navigate through this previously uncharted territory. At its core, an information governance | IG strategy will involve a formal review, or audit, of your existing system. Health care professionals should be familiar with the theory of diagnoses. It’s what you do all day. So think of the first step of IG (the audit) as a diagnosis for your organization. An audit will help identify and quantify the presence of PHI and PDI on your systems and help provide a clear picture of where best to focus your resources in terms of their maintenance and storage. Based on this information, you will then have to establish formal policies and procedures and train your personnel in how to follow them. Next, automate as much of your system as possible. IG software can be used to automate much of your data management system, including when and how to delete records safely. Next steps would then include a periodic review of the system and making any adjustments and improvements as necessary.
Using Google to look up your own medical diagnosis may not be the best medicine. Having a Google search turn up your patients’ history because you didn’t adequately govern and manage that information? No health care organization wants a piece of that apple!
For more information on Information Governance | IG Policy and HealthITAnalytics, you can read this article: http://healthitanalytics.com/2015/03/04/information-governance-must-protect-phi-outside-the-ehr/