Every so often I get emails from readers that I have to publish.  Please read this reader submitted article.  After the article I have given some feedback and reactions.

This afternoon, I went into the public lady’s restroom in the small office building where I share offices with an assortment of clinical counselors, psychologists, drug treatment counselors, and dozens others bound by layers of confidentiality rules, regulations and laws. Within the empty restroom, a personal planner was left forgotten on top of the diaper canister. Hoping that the owner would return shortly, I didn’t think much about it. However, when no immediate search was issued, I decided to see if I would be able to easily return it. Inside, the names and addresses, complete with recent drug test results, phone numbers and every bit of humiliatingly confidential information lined each page. Taped to the front inside cover were personal phone numbers, security passwords, and all the other information that the IT world grimaces at. All of this was left discarded in the public restroom used by the same clients (5/27: “Jane Doe, positive for methamphetamines”), their friends, parents and any other random bladder.

After returning the book to the appropriate office, trying in vain to relay the significance of the matter to a “who-cares” receptionist, I started to consider the predicaments of the digital age. If trained professionals can absently leave such dramatically important information in the restroom, what can they do with the digital versions?

Recently, an email flashed into my co-worker’s inbox. Someone from the Minnesota DHS accidentally hit the wrong person in her contact list, and now my inbox was flooded with highly confidential information about someone else’s clients. We received it all: their dates of birth, social security numbers, and even physical descriptions, credit history, and everything else you might not want to know about your neighbors.

When information is “just a click away”, and the password is left taped to the planner in the bathroom, how do we begin to control and regulate the flow of health information in an inexact and humanly flawed world? How do we retrain the clinical and direct-patient care staff to take as much caution with the patient as with the patient’s privacy and health information?

Certainly there will always be room for improvement, and the innovations in health technology can pioneer the methodology that restricts the relay of data as protected by HIPAA.

The writer of this article recognizes a simple truth.  Whether paper or electronic, security of patient information should be paramount, and is not a problem that is solved just by moving to an electronic system.

Things like segregation of duties, encryption, need to know access levels, proactive audits, and permission verification are often very new to medical sites that are moving away from paper.  The paper world’s security was often “it is locked in the cabinet” and no one took much more effort than that.  Today’s electronic environments are much more available and much more capable of being abused.  Last year several nurses and physicians were fired at a medical center on the east coast when George Clooney had his medical record inappropriately viewed.  Electronic systems are sometimes a double edged sword.  They have great advantages in allowing clinicians from anywhere with Internet access get to the record, but at the same time if controls are not properly in place, they allow way too much access to those records.