Dealing with the release of information processes associated with medical records fulfillment can be a headache for many practices today. Workflows can be tedious and time consuming for your staff which takes their focus away from more important activities. What’s more, your practice is at risk of a HIPAA breach should they make a mistake. Ask yourself how you’d feel if you found out the reason your medical records ended up in the hands of your neighbor down the street was because of human error at the doctor’s office. Think it wouldn’t happen? Neither did a handful of residents living near Denver, Colorado.
Redwood Toxicology Laboratory, based in California, appears to have faxed dozens of confidential medical records containing the names and drug test results of more than 30 Adams County juveniles and one client of an Aurora drug treatment center to the wrong number – resulting in a breach of protected patient health information. The reports were originally intended for the Adams County Diversion program and the Aurora Center for Treatment, but instead, accidentally ended up on the fax machine of a woman living in Thornton, Colorado. “It’s just personal information that other people don’t need to know,” said Wesley Hargrave, whose drug tests were among the compromised reports. He now wonders how many other times his confidential records have fallen into the wrong hands. “Who is to say it’s not going to happen again?”
Although this mishap was most likely a faxing mistake, it caused a breach of information according to HIPAA regulations, which in turn exposes Redwood Toxicology Laboratory to the possibility of fines. If your practice currently handles release of information workflows internally, is there a chance that you could make a similar mistake? Fortunately, there is a way for you to take release of information tasks off your plate while transferring your liability to a Business Associate – helping you avoid a situation like the one presented above.
When practices outsource their release of information workflow to an eROI service provider and a breach still occurs, the third party (also known as the Business Associate) assumes responsibility for reparations associated with the HIPAA violation. In other words, outsourcing your medical record release of information workflow to a highly trained professional third party like ScanSTAT Technologies can not only reduce the likelihood of errors due to stringent quality control measures but also transfer the liability away from your practice. Then when a breach does occur, it is the third party’s problem, and not yours. They face the fines and the arduous task of properly reporting a breach as mandated by HIPAA, you don’t.
When choosing to outsource ROI workflows to a third party, it is important to determine if the company has established quality control measures in place. This will decrease the possibility of a HIPAA breach on their end, and give you the confidence the job will be done right by professionals. Additionally, look for a provider who can work directly from your EMR from a secure remote connection. This eliminates the resources and bandwidth the third party will require from your staff to get the job done. ScanSTAT is trained to work directly from a variety of EMR platforms to fulfill medical records requests through our secure eROI process, to deliver an end result you’ll be happy with.
Don’t let your medical practice get caught in a situation like the story above (read full news story here). Contact the release of information experts at ScanSTAT and lower your risk today.