Re: Patient portals

From: Henry Mensch <henry_at_nyob>
Date: Fri, 14 Feb 2025 23:32:57 -0500
To: CODE4LIB_at_LISTS.CLIR.ORG
> But for all the HIPAA guidelines, we know of major health care breaches
> (e.g. Kaiser, HCA, Lab Corp, etc.) so the strict guidelines didn't protect
> the patients' data with those companies.

This is easy: the portal isn't the only place where patient information 
is stored and there are other ways to access data held in the patient 
portal.

Ever have an MRI or a contemporary x-ray (without films)? Those images 
each contain information about the patient and they are stored in a PACS 
(which may have a more sophisticated storage system behind it). This PACS 
isn't part of the portal, but it has the images, and a practitioner will 
interpret the images, and then the images (and the radiologist's 
report) will be saved somewhere where you can review them through the portal.

Billing processors also have different access. They never need all the 
information in your chart, but they need enough information to process an 
insurance claim and then collect the remaining unpaid obligation. Even 
reducing the information needed, the billing processor still has enough 
information to create a HIPAA violation.

Pharmacies also have a different access route to information in the 
portal... like the billing processor, the pharmacist doesn't get 
everything in the patient's chart but they still need a lot of 
information to do their thing.

Researchers and practitioners also sometimes store patient information in 
places where they shouldn't (nobody has figured out how to stop laptop 
thefts yet).

All this is off the top of my head. I'm sure there are other situations 
where patient data could be compromised.

- Henry Mensch henry_at_henare.org
Received on Fri Feb 14 2025 - 23:32:12 EST