RE: Re: Patient Identification Theft - Records Stolen -- Need suggest...

[Guest guest]

Hi ,

Two things on your additional information. One is what I already mentioned.

Keeping the charts in a secured container puts you at the HIPAA baseline.

Yes the container itself can be stolen and jimmied but at least the baseline

of security recommended would be maintained.

Second is to definitely consider a " cloud " type documentation system such as

Web PT. All that would be needed is a computer and wireless modem to

connect anywhere. There would be no files on the hard drive and no access

to the secured server so if the computer is lost, no security violations

would occur. This probably the way that all offsite records and

documentation will become and should as the security of the actual systems

and servers has come a long way and we are much more comfortable with having

all the information stored offsite. Truly though, it represents the best

level of security of protected health information that is available.

M. Howell, P.T., M.P.T.

Howell Physical Therapy

Eagle, Idaho

thowell@...

This email and any files transmitted with it may contain PRIVILEGED or

CONFIDENTIAL information and may be read or used only by the intended

recipient. If you are not the intended recipient of the email or any of its

attachments, please be advised that you have received this email in error

and that any use, dissemination, distribution, forwarding, printing or

copying of this email or any attached files is strictly prohibited. If you

have received this email in error, please immediately purge it and all

attachments and notify the sender by reply email.

From: PTManager [mailto:PTManager ] On Behalf

Of

Sent: Thursday, March 31, 2011 6:56 AM

To: PTManager

Subject: Re: Patient Identification Theft - Records Stolen --

Need suggest...

Thanks for all the good responses. We've gotten a great deal of information

to proceed. One piece I left off of the original post. The patients were

being seen as outpatients in the home - there is no clinic location. Records

that were in the car were those for patients that had been seen that day

only. This makes a bit of an argument for electronic [server based]

documentation but...that is a whole 'nuther can of worms.

Thanks again for all the great responses

>

> , Vickie, et. al.

>

> Strong agreement about keeping records inside the clinic. Whei I operated

> several private clinics, we once had a severely injured patient who'd been

a

> reseacher for a major pharmaceutical manufacturer. She had been

> transporting a number of clinical research records in her personal

> automobile when she was unfortunately " T-Boned " by an 18-wheeler,

scattering

> car and contents, strewing paper everywhere!

>

> The research was lost. She survived, but had residual disability. It

> wasn't her fault. Since I had been accustomed to taking charts home with

me

> to bring up to date from time to time, I learned a lot from that tragedy.

>

> Dr. Dick Hillyer

> (Off to Orlando today for the FPTA Spring Conference!)

>

>

> Hillyer, PT,DPT,MBA,MSM

> Hillyer Consulting

> 700 El Dorado Pkwy W.

> Cape Coral, FL 33914

>

> Mobile

>

>

> _____

>

> From: PTManager <mailto:PTManager%40yahoogroups.com>

[mailto:PTManager <mailto:PTManager%40yahoogroups.com> ] On

Behalf

> Of mlavcavitt@...

> Sent: Thursday, March 31, 2011 1:58 AM

> To: PTManager <mailto:PTManager%40yahoogroups.com>

> Subject: Re: Patient Identification Theft - Records Stolen --

> Need suggest...

>

>

>

>

> Dear ,

>

> I had a PT practice contact me for consulting services after one of their

> employee's stole the credit card number for three patients and used it to

> purchase nearly $4K in goods and services from local merchants. We

> immediately implemented Red Flag Rule policies and procedures, paid for

each

>

> patient to run a history of their credit for the next three years ($49

> year),

> purchased an identity theft policy for each patient (less than $100 for

one

> year) and paid back each patient for the amount that was fraudulently

> charged

> to their credit card along with interest (upon the advise of the client's

> attorney). Additionally, all four of his current financial/administrative

> employees went through a thorough background check and are now bonded. The

> client chose not to file charges against the employee as he felt that he

> did not have proper internal controls in place to avoid this from

happening.

>

> All three of the patients were satisfied that the client took proper

> measures to make them whole again and more importantly, to avoid

(hopefully)

>

> this from happening in the future and thusly, no legal action was taken

> against the client. A detailed incident report completed by the clinic

owner

>

> and signed by all three patients is on file in the event one or all three

> patients later decide to take legal action against the clinic.

>

> On a similar note, we have clients who have adopted very strict policies

> against removing medical records/files/patient financial records and lap

> tops

> from the office for this very reason. Stuff happens! While I am not an

> attorney, I work with a number of attorneys that I feel strongly would

> advise your colleague to adopt a similar policy and complete an incident

> report

> for both HIPAA and compliance purposes.

>

> Wishing you and your colleague the best of luck in finding an answer to

> this dilemma.

>

> Sincerely,

> Vickie

>

> D. Cavitt, President

> Medical Legal Alliance, L.L.C.

> 600 Guilbeau Road, Suite A

> Lafayette, LA 70506

>

>

>

>

>

>

>

> In a message dated 3/30/2011 3:09:21 P.M. Central Daylight Time,

> pkovacek@... <mailto:pkovacek%40ptmanager.com> writes:

>

> PTManagers

>

> I am hoping someone on this list can help with a situation that I have no

> experience with.

>

> A PT colleague of mine had his car broken into and a small number of

> patient

> records were stolen. Patient records were typical notes etc but were full

> charts with patient specific information that would be valuable to an

> identity thief.

>

> The therapist has identified all the missing charts, met with each patient

> to explain the situation and provided each patient with an identify theft

> protection plan for at least the next 12 months. Fortunately, because he

> got

> to the patients immediately, there is not a public relations issue with

the

> patients.

>

> If anyone else has [unfortunately] had any experience with this sort of

> event, are there other actions that the therapist should take to

> protect himself, his company and his patients?

>

> Thanks in advance for your ideas and suggestions.

>

> Kovacek, PT, DPT, MSA

>

> _PKovacek@... <mailto:_PKovacek%40PTManager.com> _

> (mailto:PKovacek@... <mailto:PKovacek%40PTManager.com> )

> Cell

> Personal Fax

> www.PTManager.com

>

>