How would you feel if your personal medical records were leaked online? You might feel angry, betrayed, or even embarrassed. For some folks, such a breach of privacy would be a major event that would require legal retaliation in the form of a lawsuit, or even a class-action lawsuit if more than one patient’s information was compromised. Patient medical records are a serious business, and their secure storage is critical.
In the United States, the Health Insurance Portability and Accountability Act of 1996 (HIPAA) provided protections for health consumers regarding the privacy of their information. HIPAA includes a Privacy Rule that strictly regulates how patient information can be disclosed.
According to the U.S. Department of Health & Human Services website, “A major goal of the Privacy Rule is to assure that individuals’ health information is properly protected while allowing the flow of health information needed to provide and promote high quality health care and to protect the public’s health and well being. The Rule strikes a balance that permits important uses of information, while protecting the privacy of people who seek care and healing.”
Physicians and healthcare organizations are therefore under strict government regulations regarding patient medical records. For this reason, their storage cannot be haphazard or insecure.
Physical and Electronic Medical Records Both Need Protection
Healthcare providers in the United States have already been mandated to transition to electronic medical records by January 1, 2014. This mandate, however, covers “meaningful use” and does not require providers and physicians to transfer all medical records to electronic format.
For this reason, many medical providers have hybrid systems, where certain records (most likely recent ones) are in electronic format, whereas other records (often archives) are still held in paper files.
Both paper and electronic records require secure document storage in order maintain compliance with HIPAA and possibly state and local regulations.
Considerations for Choosing Secure Document Storage
Many factors should be reviewed when determining where and how medical records should be kept. Of course, it also depends on the types of files that require storing.
1. Physical Document Storage
While physical files are being phased out, they are still an important part of healthcare. Many physicians have patient records going back decades, and it may not be feasible to have them all scanned into electronic format. Office space is at a premium, so physicians may choose offsite storage as an option.
The right physical document storage service will have a variety of services geared specifically to medical records, and may also be able to handle storage of additional medical info, such as radiology films and pathology slides.
2. Electronic Document Storage and Backup
Electronic records have different considerations than physical ones. For example, are you working with secure docs that have their own passwords and built-in protections? Or are the files in an open format such as PDF that anyone can read?
Electronic health record storage and backup should, of course, be HIPAA compliant. It should also come with excellent tech support and 24/7 monitoring.
Healthcare providers that are located in disaster zones may also want to consider backing up electronic records in a different city or even state. Companies located in earthquake zones such as California or hurricane-prone cities such as Houston might want backup that is not local.
7 Tips on Reviewing a Document Storage Company
Securing health records is important, so when reviewing a company, considering asking the following questions:
1. How long has the company been in business?
A new company may not be bad at what they do, but are they well-funded? Will they last for the next few years? You don’t want a company to take your records and then go out of business. Companies can also get bought out, with service levels dropping, so keep that in mind.
2. What sorts of reviews do they get?
Yelp and other review sites sometimes have user reviews of document storage facilities.
3. Is their primary business handling medical records or other types of storage?
Using a company that handles primarily business storage such as legal and medical is probably OK. You might not want to use a company that does not primarily focus on document security, however.
4. What are their contingency plans in case of fire or other disaster?
A good storage firm will have plans in the event of fire or other unforeseen events. They should also be in a location that is not likely to flood.
5. How easily can you access your documents once they are stored?
Documents should not be locked away so completely that you cannot access them.
6. Does the company offer a service that handles both paper and electronic file formats?
Some companies, like DocuSafe, offer hybrid services where they can store paper files as well as handle electronic formats. These companies will often be able to scan and convert paper files into digital format if needed.
7. Is the company current with HIPAA and state laws?
Make sure when talking to the representative that the company understands regulatory compliance with HIPAA and all state and local regulations.
Securing Medical Documents Takes Planning
With some simple planning, as well as careful vetting of offsite storage companies, medical records can be kept safely and securely. Whether they are still in paper format or are now electronic, your patients’ health records can be private and safe.