The following blog was written a year ago but the content is still relevant today. What if organizations looked at HIPAA security as a competitive advantage and not just something that is mandatory and required by the government?
In two recent surveys a clear message is being sent. The message is that patients want doctors and health organizations to use electronic health records (EHRs) but the patients are very concerned with the privacy and security of their records.
A survey by Dell called The Dell Executive and Patient Survey (PDF) reported an overwhelming amount of patients wanted the following:
- EHRs (69%)
- Making it possible for EHRs to be shared between physicians, hospitals, and ancillary providers (74%)
- Email access to their doctor so they can ask questions and discuss their health via electronic mail (71%)
- Electronic prescription processing to allow health care providers and pharmacies to communicate without paper (76%)
But the patients also worried about the security of their electronic patient records. They are concerned with:
- Their health data being safely and securely stored (69%)
- Their health data being transmitted over the internet (66%)
- Hospitals and providers adhering to privacy laws (such as HIPAA) (66%)
It is interesting that 69% of patients wanted EHRs but 69% also worried about their records being safely and securely stored.
A second survey sponsored by the National Opinion Research Center (NORC) at the University of Chicago shows similar desires and concerns:
Despite the fact that 48% of Americans are concerned about the privacy of medical records, fully 64% said that the benefits of EMRs outweigh privacy concerns
So it is clear that patients want doctors to use EHRs but they are also very concerned with the privacy and security of their records. Many medical practices and health organizations are pushing forward with the use of EHRs so understanding and realizing patient’s concerns is really important. But what if medical practices and health organizations were to use patient’s concerns as a competitive advantage over other health organizations?
What if instead of looking at HIPAA Security regulations as something that is mandatory and required by the government, a medical practice sees HIPAA and patient security as a way of addressing patient concerns? Savvy medical practices can use the fact that they have implemented the HIPAA Security Policies and Procedures, performed a Risk Assessment on all systems that contain patient information and have trained their entire staff on how to protect patient information. Medical practices that have embraced patient record security can differentiate themselves from their competition. A clear message they can send to their patients is:
Come to our medical practice because we care about patient record security and will do everything we can to protect and make your records secure!
Medical practices can address patient’s concerns and use HIPAA Security as a competitive advantage. Something to think about.