"We start by having a discussion with patients and letting them know about available resources, but that they have to accept some responsibility themselves," says one urologist.
Urology Times reached out to three urologists (selected randomly) and asked them each the following question: What are you doing to safeguard patient information?
“The problem is, they’re making medical records too readily visible for patients. I see that as a problem because who’s to say they won’t show their problems to their friends, who’ll show their friends. We’re getting too transparent with medical records, if you ask me. Yes, they’re their medical records, but less is a little bit more, sometimes.
As for security, we send encrypted messages, but in the day and age of cell phones, our answering service forwards texts containing the patients’ name and birthdate. So, the form of communication may be a problem.
For the most part, records are secure because we do everything here. Granted, we have the luxury of taking things home, but everything from our system is secured with the technology.
Hopefully, our technology will keep the information hack-proof, but I can’t answer that specifically because I don’t have the time to watch all that goes on. I have a busy practice, so I have to trust what the IT people tell us.”
Rocco Morabito, Jr, MD / Huntington, WV
“We’re liable for the security of patient information as well as the management of it. So any third party we use puts us and our reputation at risk, as well as their own.
Obviously, our system is HIPAA compliant. We have a third-party vendor that provides our security, as well as with our EMR. We depend on that EMR company and their security, because we use a web-based EMR. We have to rely on them for security.
We pay a good amount of money every month for that. We have to, in essence, hope and have some faith that they’re meeting their end of the bargain for what we’re paying.
So far, we haven’t heard of any issues, but obviously that doesn’t necessarily mean it’s not vulnerable. For what we’re paying per month, we hope the EMR vendor has that all sorted out to help maximize the protection of data. But it’s just part of our reality nowadays.
When you think about it, even financial institutions (you hear about huge companies like Yahoo, banks, and even credit agencies) have problems. You hope they’re managing the security of our information, but there are breaches all the time. It’s just part of the reality with anything that’s available online. We have to do our due diligence and try to be sure vendors we use are up to current standards. But I don’t think even that is a guarantee.”
Robert Caruso, MD / Newark, NJ
“The security of patient information is a difficult balance because you’re using 21st-century technology to deliver information to the patient, but it comes at a risk or cost.
We start by having a discussion with patients and letting them know about available resources, but that they have to accept some responsibility themselves. They need to use the portals appropriately, not only protecting their login information, but following the steps for two-factor identification. Some patients are very up to date with technology and are comfortable accepting responsibility.
Secondly, in urology we tend to have an office-based practice and a hospital-based practice. We partner with a tertiary-care hospital here and discuss the information, the security, and the encryption we can use to protect both of us from malware or hacking.
We also talk about protecting ourselves financially, as the consumer and the provider, from the medical/legal risks by having appropriate insurance from our malpractice insurance carriers to protect ourselves if there is a breach and know what the financial consequence of that is.
I try to look at it from every angle, of everything that could possibly happen if there’s a data breach, if their information gets out.
We also have the ability to deal with the generation of patients who aren’t as computer savvy, who rely on a follow-up visit or telephone call to get that information, and that’s completely fine.
As for our internal EMR, we have gone to a cloud-based system from a server-based system. When we had a server-based system, patient confidentiality and information breaches were quite new. As we moved to the cloud-based system, we relied more on our EMR vendor to help protect patient information.”
J. Paul Yurkanin, MD / Tucson, AZ