Introduction
On Data Privacy Day, I thought it might be helpful to write a little bit regarding the nature of privacy in the healthcare world. Many people know that there are laws like HIPAA that are in place to protect patients from their personal health information being breached. And while there are stories regularly about breaches, the amount of effort that goes into protecting health information is immense. Maybe by providing some insight into that world, you, as a reader or one of our clients, might gain a greater sense of confidence or understand ways in which you can also protect yourself.
It’s more than just privacy
In order to manage the private information of all of our clients across the United States, MINES uses an electronic health record system that stores information and protects access to it, even from within our own company. We use layers of access and control, and we track our own users within the system. This also means that we have to employ some pretty strict control mechanisms within the system to ensure that security of data is maintained.
But, there are many times when we need to exchange information with other groups on your behalf. An example of this is providing an authorization to the provider that they are pre-approved to receive payment for services. To do so, many providers elect to receive this information via email, in which case the provider is sent a notification email where they are prompted to log into a secure website where that information can be accessed. We have structured our agreements with these providers to protect that information as best we can from the very beginning.
Part of the key to the good data privacy policy that MINES employs is to ask only for information that is needed to provision services. For most of our clients, especially on the Employee Assistance side of our services, we ask for the last four digits of your social security number. This is used to help verify identity for later discussions with you. But the reason we don’t ask for your full social security number is that it would create a situation where we are storing information that isn’t critical to our needs to serve you.
Identity and security
As mentioned above, a critical element to protecting your privacy is tied to identity. Without going too deep into how this is handled across the healthcare industry, identifying an individual is usually done at MINES by their date of birth and last four digits of their social security number. From there, all internal work is handled by using a unique identifier, called a Patient ID. This allows us to reference information from the central patient database without using your name or other personally identifiable information, decreasing the likelihood of erroneously sharing your data.
A note on confidentiality
Your information is never shared with your employer except in the case of a Work Performance Referral, in which case you will be asked to complete a letter explicitly allowing us to communicate with your employer regarding your progress. Your information is also confidential from disclosure to other employees at your company, or anyone else for that matter, without your permission. For example, even your spouse or family member cannot receive information about you from our staff without your permission. The exception to this is when information that we receive poses a threat to others, in which case we may be legally required to act.
Ways you can protect yourself
This isn’t meant to be alarmist, or to suggest that you shouldn’t provide as much information as you can to MINES. We implement a lot of control to make sure that the information that you provide to us is protected. However, below are a few things that you can do to help protect yourself.
If you elect to receive email from us – for example, to communicate about an upcoming session, or request additional information – you should know that email alone is not secure. While most information that would be sent isn’t highly sensitive, it’s certainly something to be aware of. Regarding corporate email, specifically, most information that flows through corporate email servers is logged, stored, and likely accessible to IT professionals on some level at your organization.
Request a copy of the privacy notice
All providers should have this readily accessible to clients. By reading through the privacy notice, you can get a sense for how information about you can be used and what recourse you have in the case of a breach or needing a copy of your record on file with the provider. If you’d like to see our privacy policy, you can find that on our website, here.
Voicemail
As mentioned above, regarding the confidentiality of your information, when you call into MINES to receive access to services, the staff will ask if it is okay to leave voicemail. By providing a voice mailbox that is accessible only to you, we can make sure that your information is not being shared with other parties.
What’s on the horizon for us
In an effort to continue to meet the needs of privacy in an ever-more-connected world, MINES is engaged in a number of initiatives that will further protect and ease information exchange to simplify how we work with you. Soon, you will be able to create an online account with us where your history with MINES can be accessed. You and your provider will be able to use this platform to communicate with each other in a secured environment. You will be able to create your own account with us without calling in, so that if you want to request services but are concerned about someone overhearing the call, you can do so silently. And perhaps most exciting from my perspective, you will be able to create and access your account using a Facebook or Twitter account, allowing you to quickly authenticate your identity without pesky usernames and passwords!
We take security very seriously at MINES. We want you to have peace of mind when sharing information with us. If at any point in time you have questions, concerns, or suggestions regarding how we handle privacy and security, we welcome your insight. You can email or call us during regular business hours at info@minesandassociates.com or 800.873.7138.
To your health,
Ryan Lucas
Chief Information Officer
Security Officer
MINES & Associates