What is the Only Thing Worse than Revealing PHI?
The only thing more dangerous than revealing protected health information is mixing it up.
In an unfortunate example of the remedy being worse than the disease, a pervasive secure texting workaround is resulting in dangerous consequences. Knowing they can’t include protected health information in unsecured texts to each other, hospital residents have devised code systems to communicate about patients without using their names.
“Patient 132B needs pain meds…”
“Mrs. AR still has not seen the cardiologist…”
It’s a logical idea, in theory. Encryption is not an issue if the patient cannot be identified by an intercepting reader, right?
What’s the problem? Some residents can’t correctly identify the patient, either.
“I’ve got 30 patients,” one resident complained. “How am I supposed to remember which one is 132B?”
“Residents have enough to remember; do they need to learn a secret code system for unsecured texting?”
The risks associated with misidentifying patients are well documented. A 2008 study from the RAND Corporation found that providers mismatch patients and records 8 percent of the time on average and cost U.S. healthcare providers more than $8 billion annually.
The situation hadn’t improved by 2014, according to the College of Healthcare Information Management Executives (CHIME). At that time, the Office of the National Coordinator for Health Information Technology found that while the best error rate was around 7 percent, the rate was usually closer to 10 to 20 percent within a health system, and 50 to 60 percent when systems exchanged information with each other.
A recent article published by STAT explains that an unfortunate confluence of misspellings, wrong digits, duplicate records and the vast quantities of data that health systems have to process boost the odds that a mix-up will occur.
For its part, CHIME launched the National Patient ID Challenge this year to encourage innovation that will solve this dangerous problem. The challenge will award a monetary prize to the technology plan that can achieve 100 percent accuracy in identifying all U.S. patients and matching them with their medical records.
For those residents who are texting PHI, however, there’s already a foolproof way to prevent patient misidentification. Secure, HIPAA-compliant clinical communication platforms allow clinicians to text each other using actual names and clear patient identifiers. Residents have enough to remember; do they need to learn a secret code system for unsecured texting?
Clinical communication platform technology has now evolved way beyond simple secure texting to include sophisticated teamwork modules for care coordination, on-call scheduling and more. But let’s not forget that its basic function addresses one of the most fundamental needs in healthcare: accurate, error-free communication.