Medical providers have obligations under the law to protect patient data in all forms. And, as the use of electronic databases has grown, so have regulations.
Electronic Records and the HITECH Act
The Health Information Technology for Economic and Clinical Health Act (HITECH Act), which was created to stimulate the adoption of electronic health records (EHR) and supporting technology, requires healthcare providers to demonstrate “meaningful use” of EHR, first on an incentive basis and then on a penalty basis. This increased use of electronic records requires proportionate protection to ensure patient privacy and prevent identity theft. Furthermore, regulations no longer apply only to the medical providers, but also to their business associates, such as vendors who maintain medical database systems and collection agencies that help recover unpaid medical debts.
Protecting electronic records is difficult. Technological security measures must constantly be refreshed to stay one step ahead of “hackers” that may break into patient records. Healthcare organizations should therefore review their technological risks often.
But outside threats are only one small portion of the problem – another potential issue comes from employees who may not sufficiently protect data. That’s why it’s very important for everyone who handles medical records to be well trained in the regulations surrounding the handling of patient data.
Working with Vendors
Vendors (such as medical debt collection agencies) who work with medical providers must take their own measures to keep technology up to date and ensure employees are thoroughly trained. Medical providers should be careful to choose vendors who understand all of the applicable regulations protecting patient information, like the HITECH Act, and that the vendors have their own measures in place to ensure compliance. If the medical provider and the vendor are proactive in protecting medical records, the chances for successful protection are much better (and the chances for penalties to be levied are lower).
Therefore, we strongly encourage healthcare providers to choose a proactive collection agency that understands medical information regulations and implements data protection measures. If you’d like more information on how to choose a great professional collections agency, please review our free guide, How to Choose the Right Collection Agency.