October 01, 2019

5 Risky Hospital Documents: Patient Health Information

Data and privacy breaches at hospitals seem to be more common than ever and continue to be a recurring target for information thieves. The healthcare industry is susceptible to these attacks for a few reasons, but primarily due to the nature of the service itself. With physical copies of patient records, identity documents, insurance records and health cards floating around, it is essential that hospitals and clinics ensure to take information security seriously.

As of 2017, 89% of the health care organizations surveyed by Shred-it have had at least one data breach in the last two years. Not only that, 47% of organizations have little to no confidence in their ability to detect patient data loss or theft. On average, 3,000 medical and healthcare records are stolen per breach. With that in mind, it is imperative for both patients and healthcare practitioners to keep track of the following documents in hospitals and clinics that are most vulnerable to a data breach.

1. Patient Chart and Treatment Details

Discarded and obsolete patient charts must be destroyed safely. Having access to patient charts with details about treatments and dosage received by a patient can lead to ethical violations that can potentially put the organization at risk. It’s not just good practice – it’s the law.

2. Drug and Rx Information

It is important to safely store and destroy any necessary drug and dosage information, prescriptions, and prescription pads. This is to ensure that poorly discarded prescriptions and stationary is not used for prescription fraud.

3. Registration and Payment Documents

All PII (Personally Identifiable Information), such as IDs, credit cards, billing information, addresses and phone numbers must be stored safely or shredded if the records are no longer needed. If PII are not handled carefully, the information can fall into the wrong hands, and lead to a number of issues, including spam campaigns and identity theft.

4. Insurance Documents 

Insurance documents contain personal information regarding patients and their finances, which can put the patient’s identity and the reputation of the hospital at risk if they are not disposed of properly.

5. Diagnosis

Patient diagnosis documents must only be shared with the patient and authorized personnel. If these documents are not safely stored or destroyed, they can expose the organization to massive regulatory risks.

Start Protecting Your Patients and Your Business

Hospitals and healthcare organizations must invest in secure document destruction and robust information security practices.

Organizations should work to provide engaging training programs for practitioners and administrative staff, as well as having regularly scheduled “purges”. Organizations must also ensure that obsolete electronics and hard drives are safely destroyed on time. Implementing a clean-desk policy and Shred-it-all policy for administrative staff and practitioners when they leave their work stations is crucial to creating a security-conscious work environment.

To learn more about how Shred-it can protect your documents and hard drives, please contact us to get a free quote and security risk assessment.