Even in the midst of numerous data breaches involving major healthcare providers and insurance companies, patient privacy remains a top priority for the Office for Civil Rights and Department of Health and Human Services.
There's a growing belief that patients should no longer “expect” privacy, given the ever-connected world in which we live. With hospitals and doctors' offices becoming more and more reliant on electronic devices to store Protected Health Information (PHI), breaches have become commonplace. It only takes a single phishing email to result in the unauthorized access and disclosure of millions of patient records, which is something that we've seen happen several times in just the past 12 months.
But the Office for Civil Rights – a smaller branch operating under the HHS – continues to stress the importance of patient privacy. In a recent interview with ProPublica at the National HIPAA Summit, Jocelyn Samuel, Director of the Office for Civil Rights, explained that privacy is still attainable.
When asked if the current concept of patient privacy is outmoded, Samuel replied, “No. I think that you are talking about some of the most intimate facts about any individual, whether it is their health condition or their diagnosis or their treatment choices, and that it is really critical to ensure that they feel confident that that information will be protected from public disclosure,” he said. “That's the underlying premise of patient involvement in health care decision-making, that they can entrust their providers with this really intimate information knowing that it won't be misused or inappropriately disclosed.”
Of course, covered entities looking to protect their patients' data face new hurdles today. Just 5-10 years ago, breaches were relatively uncommon, and when they did occur, they usually affected just a small number of patients and customers. Hackers today, though, have become more savvy in using malicious software and programs to infiltrate large companies. If you run or manage a company that deals with Protected Health Information (PHI), you must take additional measures to ensure it's protected against unauthorized use or disclosure.
HIPAA lays out several Rules – Physical, Administrative, and Security – to help covered entities protect their patients' data. While some people view them as a nuisance, they are essential in protecting the privacy of patients.