PRESS RELEASE June 14, 2010, Cintas Issues Tips to Reduce Risk and Liability Using Electronic Medical Records for Healthcare Risk Management Week

Posted on Jun 14, 2010 in Records Management News

CINCINNATI, Jun 14, 2010 (BUSINESS WIRE) — Accord­ing to the 2010 Health­care Infor­ma­tion and Man­age­ment Sys­tems Soci­ety (HIMSS) Ana­lyt­ics Report: Secu­rity of Patient Data, the num­ber of health­care orga­ni­za­tions that reported a breach in data secu­rity increased by 6 per­cent in 2010, total­ing 19 per­cent. As more health­care orga­ni­za­tions migrate to elec­tronic med­ical records (EMRs), it’s impor­tant to take the proper steps to reduce risk and pre­vent med­ical lia­bil­ity suits. In con­junc­tion with Health­care Risk Man­age­ment Week tak­ing place June 14–18, Cin­tas today issued top tips to help health­care orga­ni­za­tions pro­tect the pri­vacy and secu­rity of health infor­ma­tion while remain­ing com­pli­ant with gov­ern­ment stan­dards using EMRs.

Cin­tas’ tips for main­tain­ing secure and com­pli­ant EMRs include:

1. Col­lab­o­ra­tion. The most suc­cess­ful, secure med­ical health­care record pro­grams are the result of a col­lab­o­ra­tive process. In hos­pi­tals, it’s crit­i­cal to include the chief secu­rity offi­cer, chief finan­cial offi­cer, chief med­ical offi­cer and med­ical records direc­tor to out­line and define a com­pre­hen­sive pro­gram that meets the needs of the entire orga­ni­za­tion and pro­vides max­i­mum secu­rity for patient files. Like­wise, smaller health­care orga­ni­za­tions must include rel­e­vant senior staff mem­bers to develop and exe­cute a suc­cess­ful program.

2. Dig­i­tize infor­ma­tion. Dig­i­tiz­ing health­care records is the first step to ensure com­pli­ance with evolv­ing indus­try reg­u­la­tions. By part­ner­ing with a ven­dor that pro­vides secure doc­u­ment imag­ing and scan­ning ser­vices, physi­cians and clin­i­cians will have real-time access to a patient’s entire med­ical his­tory. Fur­ther, health­care orga­ni­za­tions will increase secu­rity through unique user iden­ti­fi­ca­tion to pre­vent unau­tho­rized access and min­i­mize risk of reg­u­la­tory expo­sure, fines and penalties.

3. Cre­ate a strict secu­rity pol­icy with pass­word restric­tions. Ensure autho­rized physi­cians and staff mem­bers have their own pass­words and are unable to share. This will ensure an accu­rate audit trail if an inci­dent is to occur. It’s also impor­tant to limit access to records. Cre­ate dif­fer­ent lev­els of secu­rity based on the job func­tions of staff mem­bers. Only those work­ing directly with the patient should have the abil­ity to mod­ify records.

4. Pro­tect health­care records through­out their entire life­cy­cle. Since med­ical records require long-term reten­tion with a low vol­ume of retrieval, it’s impor­tant to uti­lize a secure doc­u­ment man­age­ment provider that has the capa­bil­ity to pro­tect patient data infor­ma­tion from the cra­dle to grave. By select­ing a ven­dor that pro­vides imag­ing, stor­age and shred­ding ser­vices, a health­care orga­ni­za­tion can ensure both their elec­tronic and phys­i­cal med­ical records live in a secure envi­ron­ment and can be prop­erly destroyed if required.

5. Train staff regard­ing proper doc­u­men­ta­tion and reten­tion prac­tices. Incom­plete and improper doc­u­men­ta­tion and reten­tion may lead to dam­ag­ing finan­cial and com­pli­ance issues. In addi­tion, a staff mem­ber asso­ci­ated with improper doc­u­men­ta­tion may be held liable in a mal­prac­tice case. To pro­tect one­self, the orga­ni­za­tion and staff against alle­ga­tions of neg­li­gent care and com­pli­ance vio­la­tions, it’s impor­tant to pro­vide con­tin­u­ous train­ing to ensure that files are always com­plete, securely main­tained and prop­erly destroyed if required.

6. Have a dis­as­ter recov­ery pro­gram in place. Cat­a­strophic events can and will take place. It is crit­i­cal to ensure a hospital’s dig­i­tal repos­i­tory is backed up and can be recre­ated if necessary.

“As more health­care orga­ni­za­tions adopt EMR sys­tems, it’s impor­tant to iden­tify and work to alle­vi­ate poten­tial risks before they occur,” said Tom Griga, Global Health­care Man­ager, Cin­tas Doc­u­ment Man­age­ment. “Health­care Risk Man­age­ment Week is an opti­mal time to reflect on your organization’s prac­tices to ensure it is using up-to-date effi­cient and secure processes to pro­tect patients and the orga­ni­za­tion from falling vic­tim to a data breach.”

Cin­tas offers per­son­al­ized doc­u­ment man­age­ment con­sul­ta­tion, as well as secure doc­u­ment shred­ding, stor­age and imag­ing pro­grams. Its ser­vices are designed to pro­vide busi­nesses with data pri­vacy and secu­rity, com­pli­ance with reg­u­la­tory require­ments and more effi­cient con­trol and access to infor­ma­tion. Cin­tas is the first North Amer­i­can AAA NAID-certified and PCI DSS com­pli­ant doc­u­ment man­age­ment provider.

For more infor­ma­tion on Cin­tas’ doc­u­ment man­age­ment pro­grams, please visit www.cintas.com/documentmanagement.

About Cin­tas Corporation:

Head­quar­tered in Cincin­nati, Ohio, Cin­tas Cor­po­ra­tion pro­vides highly spe­cial­ized ser­vices to busi­nesses of all types. Cin­tas designs, man­u­fac­tures and imple­ments cor­po­rate iden­tity uni­form pro­grams, and pro­vides entrance mats, restroom sup­plies, pro­mo­tional prod­ucts, first aid and safety prod­ucts, fire pro­tec­tion ser­vices and doc­u­ment man­age­ment ser­vices to approx­i­mately 800,000 busi­nesses. Cin­tas is a pub­licly held com­pany traded over the Nas­daq National Mar­ket under the sym­bol CTAS, and is a Nasdaq-100 com­pany and com­po­nent of the Stan­dard & Poor’s 500 Index.