Jason Throckmorton (throckmj@somc.org) is an Information Security Auditor at Southern Ohio Medical Center in Portsmouth, OH.
Most recent breaches of unsecured protected health information (PHI) reported to the Office of Civil Rights (OCR) have been electronic in form (e.g., email, electronic medical record [EMR], or network server).[1] Indeed these types of breaches are getting the headlines as the healthcare industry is focusing more and more on safeguarding PHI in electronic form. However, PHI still exists in paper form.
What do we do about that? You should ensure that paper records are stored and/or destroyed properly. From the point that paper forms containing PHI are either submitted by the patient or printed by the healthcare worker, they are at risk of being inappropriately released. Ultimately, the forms are either scanned or the information is typed into an EMR. What happens next is a critical step in safeguarding the PHI.