Unfortunately, anxieties do not magically dissipate at the start of a new year. Whether minds reel with concerns for professional obligations, complex family dynamics, shaky finances, or global stressors, we all have thoughts that keep our eyes open late into the night. The last couple of years has also introduced more scrutiny about healthcare; while worries about health may manifest as nebulous unease, chances are many people don’t lose much sleep over the state of their private health information.
Technology morphs the way society perceives privacy. Social media and search engines wield terms of service that require concessions of use, often forfeiting personal information. With identifying qualities from names to casual hobbies at the mercy of ad agencies and algorithms, it can be easy to think, “Who cares? Companies know everything about me anyway.”
When it comes to an individual’s healthcare history, that is not the case. The ability to access one’s own health information and determine by whom it is accessed is a human right, both legally and ethically. Although providers should be inherently trusted to maintain that standard, the cold truth is all healthcare provider security is not maintained equally.
Throughout 2021, B’well Counseling Services took mindful steps to place systems-aware strategies into our everyday operations that prioritize and protect access to our clients’ private health information.
What’s Behind the Curtain?
Year-long achievements and growth are often elusive. Life lacks the narrative structure of fiction, and change generally stems from incremental, nuanced decisions rather than climatic choices.
That is certainly the case here at B’well. To meet our security goals, we teamed up with Person Centered Tech to carefully implement policies, procedures, and mitigation techniques that will assist in maintaining the trust of our clients and uphold federal and state HIPAA Security Rules.
The landscape of the mental health community is not Oz nor do we intend to be the Wizard. The security of private health information shouldn’t be elusive or at the mercy of good faith alone. It is our hope to pull back the curtain and show our clients and colleagues how small choices and intentional policy growth builds a solid foundation of professional security -- and we can, perhaps, inspire others to take such strides.
Strengthening Our Defenses
B’well has always valued our client information. Thus, the thoughtful decisions, creative training, and regimented policies we’ve adopted over the last year work to strengthen our defenses against unauthorized access to client private information.
Our primary implementation is stronger device security measures. The iPads, computers, and phones that our clinicians and administrators use to handle private health information are carefully vetted on software and hardware levels to meet strict security standards. Staff choose complex passwords that are changed regularly and employ additional safeguards such as automatic lock outs and full device encryption. These critical redundancies ensure that if a device is lost, stolen, or otherwise compromised, no one but the device owner can access files or systems.
We require approved network connections with specifications to prevent remote access on all devices. A virtual private network (VPN), which is a software service that makes it difficult for outsiders to trace internet usage, is employed on devices during use. Additionally, we perform regular audits through all our services to determine all systems are secure.
We have also introduced additional client communications to the portal over the last year. Admittedly, it may be overwhelming to fill out intake paperwork or complete additional forms to access personal information. However, these forms offer transparency to clients so they can best understand the security of their communications with B’well and aid in the determination that the client--and only the client--can access or grant access to their private information.
Of course, a tool is only as successful as its user, and the crux of B’well’s security methodology is a staff of clinicians and administrators who harbor a passion for their ethical and legal responsibilities. We perform background and reference checks on all prospective hires, and we require the necessary licensure and certifications for each role.
A Good Night’s Sleep
Credit card numbers are alluring to thieves and swindlers, but they can only be used a few times before the theft becomes evident. Protected health information, however, outbids any other personal information on the black market by upwards of 5000%.
The information in healthcare records promises a wealth of lucrative benefits to criminals, from basic identity theft to insurance fraud or, in some extreme cases, even extortion.
We understand that a client’s private information isn’t simply hanging on a dollar sign. Clients may have someone in their life who could pose a danger if they obtained therapy notes, or a place of employment might risk discrimination with information gleaned from private records. Clients have the right to determine who has access to their health information outside their established circle of care, and B’well’s person-centered values are inexorably tied to preserving that right wherever we can.
In the upcoming year, it is our hope to share more operational and advocacy items as we continue to evolve as a practice. Until then, we recommend putting the cat memes away and getting a good night’s sleep - hopefully we’ve given you one less thing to worry about.