One Medical Justice member practices surgery on the west coast. A sign is posted on his wall stating “For your privacy protection, we use paper records.” His practice is cash-pay and he does not need to upload medical records to large insurance companies to get paid. And, he uses computers for many different things. He is not a Luddite.
Is there anything to his assertion?
I snipped a screenshot from the Office of Civil Rights’ (OCR) “Wall of Shame.” OCR does not call it the Wall of Shame. But, no one wants to appear on it. The screenshot below is just last month’s records of reported data breaches. Yes, reported data breaches. Likely many more breaches were not reported.
If you want to eyeball OCR’s reports, go to: https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf
Some of the breaches were due to hacking. But, many were due to bread-and-butter theft. Missing laptop, lost smartphone, etc. The remedy for these losses – encrypt data at rest on these devices.
But, other breaches were more complex – including hacking.
Many of these organizations have full-time Information Technology Departments – and they were still stung by data breaches.
I have no idea if OCR demanded monetary penalties for any of these breaches. I do know that HIPAA allows OCR to impose penalties for each breach.
If you already have your own IT Department, great. Hopefully they understand the changing landscape of cybersecurity.
If you do not have your own IT Department, and you outsource such work to third parties, make sure they sign a Business Associate Agreement. Hopefully they understand the changing landscape of cybersecurity.
If you stick to paper records, be careful about leaving them in your car (or accessible to unauthorized people). When people break into your car, they do it the old-fashioned way. Either opening an unlocked door. Or a brick through the windshield. That landscape is not changing.