Paper Health Records More Likely to Be Breached than Electronic Health Records

In honor of the first ever National Health IT Week, here’s a gem of a story that seems to voraciously support the need for more integration of electronic health records, and technology in general, to find their way into more medical practices.

According to an article published by Referral MD, in a report issued by Health and Human Services (HHS), despite all of the attention surrounding the security of electronic health records, in actuality, between May 17 and June 17, there were 45 security breaches involving paper health records – 42 more than with EHRs.

I shouldn’t be surprised by this, but I guess I am. Perhaps I’m programmed to think about EHRs exclusively, but paper records are still the majority of records kept, at least in the smaller ambulatory practices where EHRs haven’t been implemented, so security breaches in environments like this are quite likely.

According to the report, the following fit the definition of a “breach,” including theft, unauthorized access, improper disposal and loss.

Some of these I understand, to a point. Loss. That’s easy. It’s one of the most common complaints about paper health records. They get shuffled about the office, from room to room. With the library of other records, it’s surprising that more don’t end up getting misplaced. Getting found is another story, though. If they’re found, what happens to them? Are they then stolen? Five-fingered discounted from the crevice in which they’ve been laid? And, truly, if practices are losing copious volumes of paper records – I’d think losing records would be somewhat of an ongoing problem because of internal procedures and record keeping – then I don’t want to patronize the practice.

Improper disposal. Well, that doesn’t take too much imagination, either. In fact, I once remember not too long ago that the state of Oregon disposed of thousands of Medicare patients’ records improperly by simply tossing them in a dumpster behind the state’s office building, in the same dumpster shared by the state’s capitol newspaper, The Statesman Journal.

If an organization as large the state of Oregon improperly destroys paper records, I’m sure countless others do so as well.

Unauthorized access. Okay, sure. Unwanted eyes get their mitts on the occasional (I assume it’s the occasional) record and potential danger ensues. I’m not sure how one goes about getting his mitts on someone else’s records since I’ve never thought of wanting to see someone else’s record, but I assume it has to do something with hurdling the records desk and making a mad dash for the shelves with the millions of cream-colored folders.

I jest. Obviously, info thieves aren’t jumping over counters. Perhaps one of you can set me straight, but I imagine it happens as a passerby passes someone’s record that’s sitting in the pocket outside the exam room door or something similar; just a passing glance at someone’s record as they scurry on by.

The hard one for to understand, though, is record theft. How are these records getting stolen? From a doctor’s car as he runs into the convenience store for a soda? Are they misplaced in some unfortunate public place? Are they scattered to the winds by disgruntled employees?

How on earth do they disappear?

And, perhaps more importantly, could any of these breaches been avoided with the use of an electronic health record?

Happy National Health IT Week. Enjoy.