With Electronic Health Records facilitating access to medical files worldwide, Protected Health Information is now exposed to greater risk of wide-scale data breach. Over 30 million records have been compromised since 2009, and firms can be 100% in compliance with legal regulations yet still at risk. Given this lack of expected privacy, there are situations where patients may feel inclined to see a doctor discreetly, with no records kept.
This initiative evaluates a potential process to receive medical services, under certain conditions, without any records retained. As it stands, patients are discouraged from seeking treatment from licensed practitioners if they don’t want certain details on their record. Instead they would be compelled to seek out “under the table” providers (aka mafia doctors), who perform services with no oversight. Unlicensed medical operations carry more dangers, and these practices are often associated with illegal activities, such as concealing injuries sustained during a crime. Patients involved in illegal/lawless behavior will use such services anyway, so the current limitations only discourage honest individuals from receiving anonymous care. Criminals are also able to commit medical identity theft, where diagnoses/treatments received go onto the permanent record of someone else; these entries cannot be removed, only flagged to request an amendment.
Currently, all information documented by licensed U.S. doctors or hospitals will be kept on record long-term and shared, often involving computer/internet transmission. There will always be the chance this information is exposed, hacked, or otherwise acquired/accessed by unauthorized personnel. In other words, if someone has a sensitive medical condition, anyone else could potentially find out. These concerns do not necessarily pertain to embarrassing diagnoses; rather, they are a matter of principle, to avoid having personal information available for all intents and purposes. For instance, when seeking employment, prospective hirees often must sign a waiver to allow the company full access to their health records.
To perform anonymous medical services, the healthcare practice itself should still receive licensing, monitoring, and oversight, in terms of maintaining applicable credentials, along with tracking which devices/consumables go into the practice. To initiate the process, patients would likely be required to enter into a formal agreement and sign a liability waiver, stipulating that they agree to be reported if contagious (as an alternative, the patient could opt to be quarantined until tests indicate otherwise). There is also concern this service may be used to conceal evidence of a crime, so the practice would maintain identifying documentation for bullet wounds and certain other occasions.
Patients would present ID to the reception desk in advance, to be kept on hand until after the visit, in case anything is to be reported; this way the doctor never learns their identity. Patients then determine upon checkout if they will authorize adding any new information/documentation onto their record. Otherwise, the patient accepts personal responsibility to inform other doctors if there may be any adverse effect/interaction. For their own use, patients may request a hard copy or handwritten report of conditions and procedures involved, so they can notify future doctors on a case-by-case basis.
Any customer who visits a healthcare provider anonymously may be required to opt out of his or her insurance plan as a prerequisite to receiving such treatment. Insurance companies are granted access to health records to determine rates based on a person’s medical history. By receiving anonymous medical services, patients may be designated as having opted out of government (i.e., ACA) compliant insurance, though certain providers could still offer plans in some capacity. One potential compromise involves a process for patients to opt back into insurance by undergoing a physical/exam after being on record for having visited a doctor anonymously. Overall, this initiative presents several new variables, so experts are encouraged to submit suggestions/feedback.
EHR 2.0 considers HIT security our highest priority, offering services which include training and consulting to keep healthcare providers in compliance with regulations and best practices. We have made clear the advantages associated with Health Information Technology and continue to promote optimum use, focusing first and foremost on privacy and security of patients’ PHI. On the other hand, providers often feel a false sense of confidence, believing they are at little to no risk of data breach, and not all can afford to enlist outside assistance. We are not advising anyone to use unlicensed medical practitioners, who are operating illegally and may endanger one’s health.
The above materials have been prepared for informational purposes only and are not intended as legal advice; they also do not necessarily represent the views of EHR 2.0, the company or its staff.