No, we're not talking about the animals in the zoo. And no, we're not making a reference to an old Star Trek episode. And no, this is not going to be your standard HIPAA discussion suggesting the proper solutions that will fix the medical community's privacy issues.
Despite HIPAA's regulations and our best intentions, patient privacy is being violated on a regular basis. How? To answer that question, let's step back for a moment and talk a bit about computers and their connections to the Internet.
Look up near the top of your browser's window. See the URL bar? That place where the "www" appears (most of the time)? If the URL doesn't have a prefix of "https://", the information flowing back and forth between your browser and the Internet isn't encrypted and is readily visible to anyone with minimal computer skills and a desire to look at what you are doing. More generally, all connections to your computer, unless encrypted, are easily viewable by third parties. That includes your email, text messages, instant messages, and web pages.
What's my point? Well, despite the fact that most medical software transmits information in encrypted form, there are loose ends that leak private patient information. Where are those leaks, and how do we plug them?
The biggest leak of confidential patient information from a medical practice is email. Have you ever asked a colleague for a consultation via email? Have you ever asked a patient a question or sent information to a patient via email? Well, unless you used a special email program provided by your institution that takes extra steps to prevent prying eyes from reading it, you should assume the patient's confidential information has been compromised.
The take-away is this: Don't send confidential patient information using text messaging, email, or instant messaging, unless those programs are explicitly certified to be HIPAA compliant.