Last week John Lynn and I had the opportunity to attend the annual AHIMA conference (#AHIMA20) which was held virtually. After attending numerous sessions over the three-day event, it was clear that data privacy and protection was on the minds of event attendees.
In addition to the dedicated privacy and security track, a quick scan of the other presentations showed that protecting patient data was a key topic in the AI, SDOH and Informatic/Analysis and Data Use tracks. It’s not surprising given the growing awareness of health data security amongst patients and regulators.
Surprising source of breaches
One surprising fact that many patients may not realize is that the most common form of privacy breach remains paper records. Yes, that’s right PAPER records.
In her session “Data Breaches & Privacy Officers: Studies of Their Characteristics and Those Who Report”, Amanda Walden, a faculty member at the University of Central Florida in Orlando, FL presented the slide shown on the right.
You could almost hear jaws dropping over the Internet.
Walden referenced a 2018 study published in The American Journal of Managed Care where researchers looked at the data breaches reported to the HHS Office of Civil Rights from 2009 to 2016 and found that paper records were the top source of data breaches in hospitals. However, paper breaches were found to affect the least number of patients especially when compared to the thousands of records that were impacted with a breach of electronic records.
I found this statistic shocking on two fronts. First, I did not realize there were still significant numbers of paper records being used in US healthcare. Second, I had no idea that they were so frequently breached. I had the notion that paper records were somehow more secure than electronic ones given they were not susceptible to phishing, viruses or other electronic forms of attack.
Device security goes beyond clinical areas
Immediately following Walden’s session, I attended Ty Greenhalgh’s presentation “Medical Devices – An Open Door to Harm Networks and Patients” and the surprises continued.
When thinking about device security in a healthcare facility, it’s more than just clinical devices. Just take a look at all the devices in this diagram: retail devices in your cafeteria, TVs, etc. All of these are connected points of vulnerability. #AHIMA20 #HITsm pic.twitter.com/NQrR1YsNwQ
— Colin Hung (@Colin_Hung) October 16, 2020
This was eye-opening for me. I never really considered all the devices in other areas of a hospital, like the cafeteria and main lobby. As Greenhalgh points out, those devices are just as important to secure as the ones in the patient rooms because all of them operate on the same network and are thus interconnected.
Compliance with HIPAA is not the same as trust
By far my favorite comment from AHIMA20 about privacy came from the opening panel discussion:
Love this statement from the #AHIMA20 panel on privacy: “It’s one thing to comply with #HIPAA It’s totally different to align around TRUST”. The two are not synonymous although they should be. The former checks a box. The latter will help you grow your organization. #HITsm pic.twitter.com/W6d6QP0mCY
— Colin Hung (@Colin_Hung) October 14, 2020
The panel put into words what many HIM and Health IT professionals have known intrinsically – that compliance with HIPAA doesn’t necessarily equate to being a trustworthy organization. Trust means so much more than how you treat healthcare data. According to the panel, trust is the most important form of patient currency right now and without that, healthcare organizations cannot grow.
Most interesting AHIMA20 sessions
One of the most interesting session at AHIMA20 was “No More Wristbands” that showcased IDION’s skin-applied patient identification technology. This was essentially a patch that was printed (painlessly) onto the patient that had all the same information as a wristband. Patients found it far more comfortable and clinicians (nurses especially) found the patches much easier to use. More on this in a future article.
Another interesting (and enjoyable) session came from the Office of the National Coordinator (ONC). Stephen Konya moderated a panel that spoke about FHIR at Scale.
— Colin Hung (@Colin_Hung) October 14, 2020
In addition to the educational sessions, there were several fun things that happened at AHIMA20.
CorroHealth, the newly formed company from the merger of: TrustHCS, Visionary RCM, T-System and RevCycle+, published a series of #AHIMACarTalk videos – the socially distant version of last year’s super-successful #AHIMARoadTrip campaign.
We have Jodi Stewart joining us for #AHIMACarTalk this morning! Jodi was going to join Greg and Dalton on the #RoadToAHIMA trip this year… Next year, though… #AHIMA20https://t.co/UbavNvGgiX@AHIMAResources @AHIMAFoundation @AHIMAInt
— CorroHealth (@CorroHealth) October 15, 2020
There was also MRO’s chocolate pick-me-ups that they sent out:
— Diann H Smith (@DiannHSmith) October 15, 2020
The best was this short video via himagine solutions that featured none other than “The Hoff” himself – actor David Hasselhoff.
— himagine solutions (@himagineInc) October 19, 2020
AHIMA20 was well run, easy to navigate and I didn’t experience a single technical issue (a rarity). I can honestly say it was nice to get back to live-tweeting sessions after a long self-imposed hiatus over the summer.
It was also fun to be able to coordinate event coverage with John, something we have not been able to do since last year. He met with a number of vendors and wrote several great articles from his discussion:
- AI Assistance is Like a Multiple Choice Test
- Changes to HIPAA, New Data Interoperability Rules, and the Impact of COVID-19 on ROI
- Payment Personalization, Charge Capture Analytics, and CAC at Virtual AHIMA 2020