HIPAA doesn’t just apply to electronic records
Of all the HIPAA breach reports I’ve read, this one takes the cake. It’s from 2009, when a retiring physician came home and found 71 boxes of patient records in her driveway, courtesy of the health system that was supposed to be transitioning those patients to new providers. There were more than 5,000 records in the boxes, which were left unattended, 20 feet from the road, and a short distance from a local shopping venue. (!) The doctor filed a HIPAA complaint, and the health system was eventually fined $800,000.
Although this makes for an interesting story of head-shaking foolishness, it also has a lesson in it for us solo providers.
Paper records are covered by HIPAA, too.
Do you testify in court? Required by the Child Protective Services worker to bring the case with you? Consider the security risks you take in doing so, and make a plan to reduce those risks.
Do you have other situations where your paper records are in a more risky situation than usual? (i.e., out of the locked file cabinet?) Make sure you’ve put that on your risk assessment, made a plan to mitigate the risk, and start taking action.