15 Aug 2016

Picture this: You want to check something from your doctor, so you log into your medical portal to see your health information; only, instead of seeing your information, you see the data from another person. Of course you are going to wonder, “Does that mean someone can see mine as well?”

This exact scenario has occurred at least twice in the last week from patients using the electronic health record (EHR) systems reported.

The problem is that there is almost no software program out there without its own set of bugs; the bugs may manifest themselves as something as simple as forcing an app to close, or as shocking as seeing the medical information of a different person.

In the case of EHR, apparently this glitch occurs when specific functions are performed in a particular way, making it almost impossible to quantify the exact number of affected patients. Also in the case of EHR, a greater problem exists in that this glitch is a very clear violation of HIPPA. Though this appears to be accidental, the fact remains that the software is sharing the private and protected health information of patients, to other patients.

Who’s Impacted?

While it is possible to go into the software and pull reports, without strict auditing logs, it is practically impossible to determine not only which patients saw the wrong information, but also which patients’ information was seen. It also makes it difficult to know exactly which of the providers using EHR need to be contacted.

Auditing is one of those back room functions. It’s like spending money on rewiring the electricity of your home instead of opening up your kitchen; it is extremely important because it keeps you safe, but it is also very un-sexy, and like home owners, business owners do not want to spend their money on something whose intrinsic value is not seen until something goes wrong.

If the auditing function is weak, then assumptions must be made; and you know what they say about assumptions.

Who’s to Blame?

In this situation, it appears that everyone loses.

Nobody is perfect, but imagine you work in the healthcare industry, and you receive a notification from the software company, a company that you trust with your patients’ most sensitive information, that says a bug in the system has caused half of your patients’ private information to be breached. And if that wasn’t bad enough, because this caused a clear HIPAA violation, you have to notify not just your patients, but also the Office of Civil Rights (OCR), too.

It’s like paying for your taxes to be done by a professional and then being audited, only to find that the Accountant committed fraud, but that you are responsible. You thought you did everything right, and you did, except that you made a bad choice. In this case, the impacted practices will not only have to deal with (understandably) upset patients, but they will also incur legal and other related expenses.

That being said, depending on the number of patients impacted and the underlying circumstances of the violation, it is possible that the OCR will open an investigation of both the software company and the medical practice. It may get the practice out of a violation on that charge, but it also opens them up to be dissected by OCR, which, if their HIPAA compliance is not on-point, could lead to additional penalties or even fines.

Conclusion

Software Companies need to make sure that their programs are tested to their breaking points; prevention is always preferable to a cure. Their healthcare industry customers are held to high standards in the form of HIPAA and that is always important to keep in mind. Auditing logs should be strong and detailed in order to make sure everything is in compliance.

Healthcare Practices need to take responsibility, as well, because they are the parties being held to HIPAA standards. If the software is not up to par, then they need to make sure to get their program within compliance as soon as possible. And both parties need to cover themselves with business associate agreements.

As the String Theory suggests, one little action, one tiny bug, can cause a huge impact.

Schedule an Appointment

Schedule an Appointment

    Our clients are awesome!

    Based on 55 reviews.
    Jeremy Richards
    Jeremy Richards
    2020-03-13
    Petronella provides great advanced digital marketing and automation solutions for my business!
    Kate Swenson
    Kate Swenson
    2020-02-14
    Highly recommended for CMMC certification assistance! Excellent and affordable options for secure data hosting on local infrastructure. 5 stars!
    Tom Matzen
    Tom Matzen
    2020-01-25
    Petronella Technology Group helped us setup our sales and marketing automation, cybersecurity and compliance for our new Blockchain startup. Great to work with! Craig in particular really knows his stuff, can translate into non-tech speak, and has wisdom beyond his years. Highly recommend them.
    Justin Summers
    Justin Summers
    2020-01-14
    Craig is awesome! He is very professional and efficient with his work. I would definitely recommend Petronella Technology to anyone who needs state of the art service.
    Blake Rea
    Blake Rea
    2020-01-14
    Craig is an expert in his field. Impressed by his knowledge, A true pioneer in Cybersecurity. My business is safer thanks to Petronella Tech!
    Robert Friedman
    Robert Friedman
    2020-01-10
    For the last five years Craig has been the Contributing Editor for Cybersecurity for NC Triangle Attorney Law Magazine which I publish. His base of knowledge is always leading edge, pragmatic and early to understand for our readers who are not techies. He is patient and easy to work with.
    Tammy Everett
    Tammy Everett
    2020-01-10
    Craig Petronella, CEO of Petronella Technology Group provided the members of the Defense Alliance of North Carolina expert advice on cybersecurity and NIST compliance. Eye opening experience! Thanks so much!
    Julie Brown
    Julie Brown
    2020-01-09
    Craig and the Petronella Technology Group, Inc. team made HIPAA compliance for my small practice so simple and easy! They helped me with all of my HIPAA training, HIPAA Security Risk Assessment, Penetration Test, and HIPAA secure hosting so I can rest easy.
    Pivot Point
    Pivot Point
    2020-01-03
    Petronella Technology Group helped us with our marketing strategy for our new web startup. Awesome experience!!!!
    Richard Brunet
    Richard Brunet
    2019-12-30

    SCHEDULE AN APPOINTMENT

    Make It Happen Now

    CLIENT SUPPORT

    Don't Feel Stranded

    CONSULTATION

    Get Best Advice

    PAYMENTS

    Make A Payment

    Top