Chris Strammiello, vice president of marketing and product strategy, Nuance.
Patient admissions and discharge processes implemented at many hospitals today are rife with vulnerabilities and potential HIPAA violations. One of the greatest challenges hospitals face is how they can successfully deliver on dual requirements to make the information in a patient’s electronic health record (EHR) more accessible while at the same time making it more secure, especially because of their reliance on paper, analog fax machines and unmonitored multi-function devices (MFDs).
Every time a document or form is copied, scanned, printed, faxed or emailed — on either an analog fax machine, digital MFD or mobile phone or tablet — a patient’s protected health information (PHI) can be accidentally exposed or intentionally compromised. In light of this, federal standards have now defined digital MFDs as workstations, where PHI must be protected with administrative, physical and technical safeguards that authenticate users, control access to workflows, maintain an audit trail of all activity and encrypt data at rest and in motion.
Healthcare organizations need to add a layer of security and control to electronic and paper-based patient admissions and discharge processes to help minimize the manual work and decisions that invite human error, automatically mitigate the risk of non-compliance and avoid the fines, reputation damage and other costs of HIPAA violations and privacy breaches.
As hospitals are rapidly approaching an FY 2015 deadline for meaningful use, they must demonstrate their “meaningful use” of certified EHR technology, including the ability to protect patients’ health information, or face reduced Medicare payments. The recent HIMSS Analytics survey found that despite the vast majority of hospitals reporting progress toward Stage 2 EHR, barely half of them — just 54 percent — were yet capable of protecting electronic health information, a required Core Objective in Stage 1.
Acting under provisions of HITECH, the Department of Health and Human Services Office of Civil Rights issued new rules in 2013 that enhance patients’ privacy protections, expand individuals’ rights to their health information and strengthen the government’s ability to enforce the law. One new development from these rules is that a security risk assessment tool prepared by the Office of the National Coordinator for Health Information Technology (ONC) mentions copiers 15 times as being workstations where PHI must be protected with administrative, physical and technical safeguards that authenticate users, control access to workflows, encrypt data handled on the device and maintain an audit trail of all activity.
Hospitals also need to conduct a risk assessment to identify threats and vulnerabilities (including copiers), implement and train workers in data loss protection (DLP) technology and procedures, and establish security incident reporting.
Security vulnerabilities and potential compliance issues impacting patient admissions and discharge processes are usually found with analog fax machines that lack activity logging; in every digital MFD that copies, prints, scans and faxes documents, stores images on an internal drive and retains email addresses, network and user IDs and even passwords in memory; and in every mobile device from which information can be accessed, shared or printed.
Securing patient healthcare information
Admission is all about PHI. And at many hospitals, it’s still all about paper. Admission orders, patient information and consent forms, insurance ID cards and authorization forms, medical histories, referrals, initial prescriptions and even driver’s licenses are routinely copied, scanned, printed, faxed or emailed as part of admitting the patient into the hospital and getting their information into the EHR system. Upon discharge, the patient typically receives a package of printouts, including a summary of their hospitalization, diagnoses or results, discharge orders and instructions, referrals for follow-up care and additional prescriptions. In the absence of user authentication, audit trails or other security controls, each document and action presents a risk of exposure and a point of vulnerability where PHI can be accidentally misdirected or intentionally compromised.
For example, printing of admissions- or discharge-related forms and documents to shared MFDs risks exposure of patient information in papers left sitting in the output tray or picked up by the wrong person. Unsecured MFDs could be used to make and transmit unauthorized copies or scans. Documents stored in the MFD’s hard drive could be improperly printed out or copied onto a USB stick.
Faxes are another source of HIPAA violations, and there have been numerous reports of unfortunate incidents. For instance, it has been reported that a South Carolina hospital faxed information on four patients, including birth dates, admission dates and insurance ID numbers, to a wrong number. Another hospital in California, intending to communicate with a doctor’s office, instead sent six faxes containing patient records to an auto shop. There have been many reported incidents of patient information faxed to the wrong place, exposing the patient’s name, date of birth, developmental and psychological treatment history, family history, diagnostic results and prescribed treatment. While paper can be particularly difficult to track and control, some of these same vulnerabilities exist in electronic admissions and discharge processes. And to be sure, electronic processes do not completely eliminate paper.
Electronic admissions might involve scanning a new patient’s admission form or referral into the EHR or populating a form with a previous patient’s stored information. The hospital’s method of sharing that information internally might include emailing it or even faxing it to other departments, such as the pharmacy. Patient billing upon discharge generates a lot of paper, all of it containing information that must be protected, even though it also needs to be shared.
Securing Patient Information on Mobile Devices
Mobile devices present a whole other set of risks to EHR. Theft or loss of mobile devices, laptops and portable media is, in fact, the biggest source of reported HIPAA data breaches. For example, a portable computer lost in Connecticut contained protected health information on 1.5 million individuals, over a third of the state’s residents. And the theft of two laptops in California compromised the protected information of 729,000 patients treated at six hospitals.
In admissions, the risk of mobile devices comes not only from theft or loss but in their non-secure use. Perhaps a hospital’s mobile strategy has not fully accounted for security. Or employees might be using mobile devices inappropriately in their own EHR work-around. Imagine an admissions clerk who prefers not to walk to the scanner and instead photographs a patient’s insurance card or driver’s license on a mobile phone, emails those images to her hospital address, then imports them into the patient’s EHR — with no record of how the information got there and no guaranteed deletion of the images from the employee’s device.
The simple fact is, whether a hospital’s admissions process is largely paper based or built around getting information off of paper and into an EHR, the only way documents containing PHI can be scanned, copied, printed, emailed or faxed within HIPAA compliance is under a system incorporating technological security and authentication. And hospitals have very few months remaining to achieve this capability.
In helping hospitals protect patient health information as part of achieving HIPAA-compliant patient admissions and discharge, we recommend adding a layer of automated security and control to processes that involve paper. There is software to minimize the manual work and decisions that invite human error, mitigate the risk of non-compliance and help hospitals avoid the fines, reputation damage and other costs of HIPAA violations and privacy breaches.
To reduce vulnerabilities in capturing and sharing PHI, it is critical to provide admissions and discharge processes that ensure:
- Authorization – only authorized staff can access specific devices, network applications and resources. This is secured through password- or smartcard-based authentication. Network authentication is seamlessly integrated with the document workflow, and to ensure optimal auditing and security, documents containing PHI are captured and routed to destinations such as email, folders, fax and EHR systems.
- Authentication – user credentials must be verified at the device, by PIN/PIC code, proximity (ID), or by swiping a smartcard to access documents containing PHI. Once users are authenticated, the solution also controls what users can and cannot do. It enables or restricts email or faxing and prohibits documents with PHI from being printed, faxed or emailed.
- Encryption – communications between smart MFDs and mobile terminals, the server and destinations, such as the EHR, are encrypted to ensure documents are only visible to those users with proper authorization.
- File Destination Control – simultaneously monitors and audits the patient information in documents, ensuring PHI is controlled before it ever gets to its intended destination.
- Content Filtering – automatically enforces security policies to proactively prevent PHI from leaving the hospital by filtering outbound communications and intercepting documents, rendering misdirected or intercepted information unreadable to unauthorized users.
In these more secure admissions and discharge processes, manually completed forms and documents are still scanned into the hospital’s master patient index. But the admissions clerk must first authenticate herself by swiping her ID card or entering a PIN at the MFD to gain access to the functions or pre-defined workflows she’s authorized to use. In this case, that could be scanning to a new or existing patient file, with a menu for choosing the type of document about to be scanned. The document is then securely transferred to the software server and routed together with its metadata to the hospital’s document management system or EHR. It is important to secure documents at the point of capture by requiring a password to later access any document scanned to PDF.
This process can just as easily begin electronically, with the clerk capturing files on their computer desktop or even on a mobile device. When documents need to be printed, you need a system that prevents exposure of patient information by holding print jobs in a secure print queue and not outputting them until the clerk signs in at the printer and selects the specific documents to output.
Faxing in the document and output management solution-enabled admissions or discharge process becomes highly secure, error-free and fully traceable. The data capture and output management software completely eliminates the risk of faxes being sent to wrong or unauthorized numbers. Outbound fax number verification compares manually entered fax numbers against a database of allowable numbers, so whether a number was mis-entered or otherwise invalid, if it’s not in the list, the fax won’t go. For even greater security and accuracy, the secure information collection and output management solution can present the user with a pick list of authorized fax numbers from which to choose the one they need.
From the MFD, the fax is transmitted SSL encrypted to the software server, where the image can be cleaned and metadata applied. Using advanced content filtering, if the solution recognizes that the fax contains patient ID or Social Security numbers or other confidential information specified by the hospital, it can automatically redact that information before sending the fax, or stop the fax from going out. Either way, the system can notify the administrator of the attempted entry of an invalid number.
Of course, the fax is also routed to the patient’s EHR, together with a complete HL7-based audit trail identifying who sent the fax, when, from which device, to what number, how many pages it contained and the name of the patient. The fully HIPAA-compliant audit trail also provides a path to the fax image.
Similar audit trail information is captured for copies, prints and scans as well, allowing hospitals to capture every document and monitor all usage of the device.
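The outbound fax checks described above (number verification against a list of allowable numbers, content filtering that redacts or stops the fax, and an audit record for every attempt) can be expressed as a single fail-closed gate. This is an added Python example, not code from any vendor product; the allowlist entries, field names and SSN pattern are constructed assumptions, and the audit record is a plain dict rather than an HL7 message.

```python
import re
from datetime import datetime, timezone

# Constructed allowlist: digits-only numbers mapped to an approved recipient.
ALLOWED_FAX = {
    "18035550142": "Cardiology referral office",
    "14155550187": "Inpatient pharmacy",
}
# US Social Security number in its common written form (assumed pattern).
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")


def normalize(number):
    """Reduce a dialed number to digits; assume country code 1 for 10 digits."""
    digits = re.sub(r"\D", "", number)
    return "1" + digits if len(digits) == 10 else digits


def gate_fax(user, device, dialed, patient, pages, text, policy="redact"):
    """Decide whether a fax may leave; return (decision, outbound_text, audit)."""
    dest = normalize(dialed)
    hits = len(SSN_RE.findall(text))
    if dest not in ALLOWED_FAX:
        # Unknown or mistyped number: nothing is sent, whatever the content.
        decision, out = "blocked_invalid_number", None
    elif hits and policy == "block":
        decision, out = "blocked_content", None
    elif hits:
        decision, out = "sent_redacted", SSN_RE.sub("[REDACTED]", text)
    else:
        decision, out = "sent", text
    # Every attempt is recorded, including the ones that were stopped.
    audit = {
        "time": datetime.now(timezone.utc).isoformat(),
        "user": user, "device": device,
        "dialed": dialed, "normalized": dest,
        "recipient": ALLOWED_FAX.get(dest),
        "patient": patient, "pages": pages,
        "redactions": hits if decision == "sent_redacted" else 0,
        "decision": decision,
        "notify_admin": decision.startswith("blocked"),
    }
    return decision, out, audit
```

Because the audit record carries the patient name and the dialed number, it is itself PHI and needs the same access control and encryption as the fax image.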
The solution should also provide the security that allows HIPAA compliant use of mobile devices in creating, accessing or sharing patient information. Electronic admissions and discharge forms — including patient signatures — can be completed on tablets and the information securely transferred to the EHR. Insurance cards, patient ID and other paper documents can be photographed with the device’s camera and then the images automatically deleted, so that a lost or stolen device provides no access to patient information.
Admission is the gateway to hospitals’ meaningful use of EHR and the front line in efforts to secure patient PHI. Security of PHI must continue through and beyond patient discharge.