Now that summer is over, the kids are back in school, and the football season has officially started, our thoughts naturally turn to … protecting patient confidentiality.
Wait, we can explain. Earlier this summer, a star player on the New York Giants, Jason Pierre Paul, had an unfortunate fireworks accident that resulted in the amputation of his right index finger.
Yet as excruciating as this sounds, in many ways, the pain is really just beginning. When you look at the full details, you see that this case actually represents a major – and high profile – data breach of a patient’s confidential information, and a possible HIPAA infraction. With tens of millions at stake, it is no laughing matter.
The right to privacy
Consider the details. The news of Paul’s injury first broke the day after this accident, when a hospital worker reportedly told a friend, who then posted this news to Twitter. Rumors then circulated online for several hours before news organizations were able to confirm the injury.
A Forbes article then connected the consequences of this leak. “Paul definitely suffered immediate professional damage, even before the extent of the injury was known. The Giants pulled a long-term $60 million contract offer as they attempted to get more information. ‘Given the timing of the event and the apparent judgment displayed, the Giants do not believe a long-term offer is in the best interest of those involved at this point,’ NFL.com dryly reported —and team officials flew to Florida to attempt to meet with Pierre-Paul, who’s currently unsigned.”
ESPN then got involved when football beat reporter, Adam Schefter, sent an image of the Paul’s medical records as proof of his “scooping” the story. Yet the release of a patient’s information without their consent represents a HIPAA violation. (Ultimately, Schefter will not face any sanctions because HIPAA does not cover members of the media.)
This led to a major controversy and bad press for the hospital, too. Jackson Memorial Hospital was forced to conduct a full-scale investigation into the allegations of an employee leaking Paul’s protected patient information. Between 50 to 100 employees could have had access to the information sent to Schefter, including nurses, physicians, a pharmacist, a dietician, several operating-room nurses and hospitality employees. At this point, the employee responsible for the leak has not been found, but the hospital vows to take full disciplinary action when it does, up to termination. Further, the hospital could face costly fines and be required to dedicate additional resources to internal security and process audits.
What makes this even more painful is the fact that this whole situation could have been avoided in the first place. For example, Nuance capture and workflow solutions could have helped the hospital protect patient privacy with technology such as authorization, user authentication, encryption, and secure output. More, built-in audit trails could help the hospital track all workflow activities, so it could easily see who printed or scanned the document.
If you are still wondering if you’re doing all you can to secure patient data and other confidential information, see how Nuance solutions can help gain control of existing processes to reduce the risk of data loss and improve compliance efforts.