Today's article is by Brandy Brimhall. CPC, CMCO, CCCPC, CPCO, CPMA.  Please read and prepare!

Have you ever thought about the types and value of patient information your practice creates, maintains, and uses to communicate with 3rd parties when seeking reimbursement?  For example, consider that practices have personal contact information, social security numbers, payer ID and group numbers, medical history, treatment information, etc.
 
In the "old days,” our risk of having information stolen was mainly limited to whoever had access to our written patient files or, in the event of a break in, how much information that person could pick up and carry out of your practice.
 
Now, we have the world wide web that contains most, if not all, of this protected and vulnerable information.  This, of course, compounds the risk of protected information being accessed, disclosed, or otherwise compromised.  Should this protected information end up in the wrong hands, a practice's entire patient database may be vulnerable to things such as identity theft and medical identity theft.  Further, protected information is much more accessible and at risk than ever before.
 
The blessings of technology have enabled practices to expedite the time spent on claims preparation, claims submission, and improved the wait time for receiving payment for claims.  Technology has also been beneficial to practices in respect to achieving appropriate levels of documentation in order to meet guidelines and better support the claims being billed for.  Workforce members are saving time in printing, filing, and organization by having software in place that stores this information.
 
With the benefits of technology come responsibilities that practices must make a priority.  The cost of not appropriately managing these responsibilities not only poses a significant risk to the finances and reputation of the practice, but to all of the patients as well.  For a moment, consider your own personal information that is created, stored, and maintained by healthcare providers.  Think of the potential impact to your personal finances, credit, and even healthcare diagnosis, treatment, etc., should your information be obtained in an unauthorized manner.
 
Compliance related investigations are actively being conducted and when these occur, both stressful and financial burdens impact the practice.  Much of the time, when an issue occurs, a sound and adhered to compliance plan may have prevented the obstacle altogether.  Let's evaluate a just a few common errors made by practices that may be minimized or avoided completely if appropriate compliance policies and procedures were in place:

• Unauthorized access resulting in access, use, or disclosure of protected information
• Inappropriate and/or identifying posts made to social media sites
• Lost or stolen portable devices with ePHI access (ipads, smart phones, lap tops, etc) resulting in potential data breach
• Insufficient backup protocols resulting in loss of data and inability to recover information
• Insufficient definition of procedures leading to various errors and strained workforce member relationships.  Note that many whistleblower suits or privacy related complaints reported to the Office of Civil Rights are made by workforce members!
• Inappropriate posting on social media
• Improper disposal of records
• and the list goes on...