Work-Arounds are Jeopardizing Your Patient Data

device-internet-pixels-60504 One of the greatest challenges healthcare organizations face today is clinical application interoperability – the communication between computer systems, applications, or software to allow them to work in conjunction with one another.

We asked Robbie Morris with C Spire Business’ Cybersecurity Consulting Group to shed some light on the difficulties facing clinical interoperability. Robbie is the Vice President of Healthcare and Security Solutions.

What is clinical interoperability and why is it important?

Clinical interoperability is the ability for different apps and programs to work with one another. It can be a real problem when two doctor’s offices regularly refer patients to each other, but their EMRs (Electronic Medical Records) are not integrated.

Consider this process between two medical associates:

A laboratory requests patient information from a doctor’s office.
The doctor’s office employee prints a patient record to a PDF or image from the EMR and saves it to his computer’s desktop or download folder.
The employee then emails the info to the lab.

Seems like a simple solution for sharing patient information, right? The problem is that this patient data is now in a minimum of two unprotected and unregulated places – the employee’s computer and the sent mailbox folder. Once the info lands in the lab employee’s mailbox, this HIPAA-protected data now also lives in the lab employee’s inbox and the location where he saves it to his computer. Exchanging PHI like this increases the risk of mismanagement and leaves the doctor’s office AND laboratory open to HIPAA violations, resulting in the potential for steep fines, loss of reputation, and much more. This is just one of the many problems that could arise when interoperability isn’t a priority.

In today’s technology-connected world, security threats are persistent and for most any company, it’s only a matter of time before a security incident happens. Work-arounds like the one mentioned above are an unnecessary risk in exchanging vital patient information.

What can your practice do?

Find a true solution to sharing patient data. Educate your staff on work-arounds and stop them from happening.
Consider using an application interface server if you share patient data with multiple external service providers or clinical applications. It’s a more secure solution and easier to expand at a lower cost. Mirth is a widely used data engine software solution. You can host that on a physical server or in a cloud environment such as C Spire Business, Microsoft Azure or Amazon Web Services (AWS).
Invest in your technology architecture. Make sure your network and infrastructure has management functionality – the ability for alerts and usage data to be sent on a regular basis. If there is an activity log, you can monitor functionality and efficiency, and identify if a security breach has occurred.

If you’re concerned with the costs of these efforts, Total Cost of Ownership (TCO) is a logical way to look at clinical application and integration. You can negotiate with the business associate(s) that you are sharing information with to potentially pay for your Electronic Medical Records (EMR) interfaces. You can also discuss interface costs with software companies, laboratory companies and any business associates you work with who would benefit from lowering the security risk of unauthorized patient record access.

No matter what solution you choose, clinical interoperability is the key to ensuring your patient data is secure. Not only will your patients thank you, but you’ll be lowering your risks for violation and fines.

To learn more from Robbie, contact him at ask@cspire.com

Blog

Blog