Don't Make a Million Dollar Mistake!
It should come as no surprise that data privacy is a big issue. It seems any organization, no matter how careful, is susceptible to privacy breaches. Though high-profile cases of malicious intrusion and data theft get all the headlines, a good many incidents happen by mistake. A particularly dangerous area for print and mail service providers involves protected health information (PHI) covered by the HIPAA and HITECH laws. Over the last two years, enforcement of these regulations and punishments for unlawful disclosures have increased.
Protecting the information on printed or electronic documents is not to be taken lightly. In their Fifth Annual Benchmark Study on Privacy & Security of Healthcare Data, Ponemon Institute LLC reports the average healthcare privacy breach affects 5,000 records and costs Business Associates $1 million.
HIPAA/HITECH enforcement authorities consider service providers who process documents containing billing and insurance information, medical data, prescription details, or lab reports to be Business Associates (BAs). If your company handles any such data and a privacy breach occurs, your firm could be subject to regulatory fines and audits.
Though criminal activity against healthcare organizations has risen 125% over the last 5 years, Business Associates attribute only half of their privacy incidents to malicious activity. The rest are the result of mistakes, errors, and accidental violations, of which many are easily avoidable. If you have the right tools you can protect your business from expensive consequences that can materialize because of an innocent error.
What's on the Page?
The products and methods print/mail service providers employ to control data that prints on a page, and which pages to insert into an envelope, continually evolve and change. Software upgrades, migrations, or conversions can inadvertently expose previously hidden information or errantly mix data from more than one patient.
More aggressive compliance activity has motivated shops processing healthcare documents to upgrade their old-style manual quality control measures, thereby lowering their risk of accidental infractions. With sophisticated print stream comparison tools like Print Perfect™ from Paloma Print Products, print/mail service providers can make sure the pages generated by Customer Communication Management (CCM) software haven’t changed in a way that exposes private information on their customers’ documents.
Legacy Print Verification Methods Ineffectual
In the past, document producers would perform quality control by printing the same documents from the old system and the new CCM system. An employee would then sit at a conference table and page through the stacks of paper, visually comparing the data on corresponding pages. This approach has several drawbacks:
- Fatigue. After a certain amount of time, humans stop really examining the pages. Errors slip by unnoticed.
- Time. Manually comparing pages is an extremely slow, labor-intensive, and subjective process. Time is wasted and many errors go undetected. In addition, employees assigned to this task are invariably pulled away from other important, often core, duties such as development.
- Knowledge Blindness. Often, the programmers or document designers who created the documents are also the inspectors. Because they know how things are supposed to work (and are confident in their ability to code it correctly) they can overlook errors. They literally do not see the problem.
- Too Many Variables. Instead of relying on the mass-produced documents of the past, organizations today are crafting their communications for an audience of one. They use information about individual document recipients to control text blocks, graphics, and options. It may be impossible to find examples of every variable combination with manual spot-checks.
Automated Testing Scans Every Page
Automated document quality assurance solutions solve all the challenges of manual quality control. Because automated systems quickly review every page with a high degree of accuracy, print/mail service providers can test their documents more often and more thoroughly. They catch more errors and detect them sooner. This allows them to make corrections and limit their exposure to regulatory punishment.
Print/mail service providers are likely to spend proportionally more money responding to a privacy breach than their healthcare provider customers. Hospitals, insurance companies, and pharmacies may already have policies, procedures, and teams in place to deal with the fallout of a health information privacy incident. They frequently have greater financial resources than their print/mail vendors who must learn how to respond to HIPAA/HITECH incident inquiries, gather documentation, arrange for audits and certifications, and handle lawsuits or public relations issues. Spending a million dollars to recover from a privacy breach would be a severe financial blow to many print/mail service providers. Prevention is much less expensive.
One factor determining the extent of punishment and fines levied upon a HIPAA violator is whether the organization neglected to establish procedures that would have prevented or minimized the effects of a breach. Organizations have been disciplined for lacking written procedures, not training employees, or failing to enforce existing policies. Adding comprehensive print-comparison capabilities to your workflow could be looked upon as insurance against punishments for such “failure to prepare” conditions.
As threats continue to escalate and enforcement steps up, HIPAA/HITECH Business Associates are recognizing their exposure to expensive regulatory violations. Unlike the constantly changing challenge of protecting networks from data hackers, accidental PHI exposure through printed documents is easily managed by implementing an automated testing solution.