Please ensure Javascript is enabled for purposes of website accessibility

For the record: Technology changing the way attorneys handle health care privacy issues

By: JESSICA STEPHEN//April 20, 2015//

For the record: Technology changing the way attorneys handle health care privacy issues

By: JESSICA STEPHEN//April 20, 2015//

Listen to this article

doctor-shhhLeah McNeely never imagined laptops, cellphones and thumb drives would be such an integral part of her practice.

But as technology changes the way health care providers interact with patients, McNeely said attorneys are being forced to learn about the new-age practices that could compromise their confidential medical records.

“Technology touches every aspect of health care and what we do with privacy issues,” said McNeely, one of six attorneys assigned to Quarles & Brady’s health care practice group in Madison.

“From a HIPAA perspective, technology has definitely changed the practice, especially over the last 10 years,” added Jennifer Hennessy, another member of the Quarles health care practice team. “Think about an electronic record and being able to track every person who interacts with that record. With paper records there wasn’t that tracking mechanisms.”

It’s an advantage. If there’s a breach, with electronic records attorneys can more easily track who had access to files and when.

But that ready access also creates security concerns.

“Things like laptops and cellphones and thumb drives store a lot of patient information, and they’re very easily lost or very easily stolen,” said Hennessy, who focuses on HIPAA and state privacy issues. “When clients rely heavily on these electronic technologies to store patient information or transmit information, it’s so important they have encryption protection and heavy, heavy password protection to try to protect the information as much as they can.”

Too often, Hennessy said, they don’t.

“I’ve dealt with so many breaches because a laptop or thumb drive was lost or stolen. It’s caused a lot of pain and suffering for our clients.”

It’s also raised a lot of questions for patients, many of whom want to have copies of their electronic records, so they can see who is accessing them, too.

“We didn’t even get this question a year ago, but we’ve had more people asking, ‘Do we have to provide that?’” Hennessy said. “And, as the law currently stands, they do not have to provide that. The reason for the confusion is there was a proposed rule, but it was never passed into law. It’s things like that that makes health care law very interesting; it’s changing on a weekly basis. Every day something is happening.”

Social media is also changing the way attorneys advise health care clients.

“Providers might write something on social media that shares patient information and they don’t even realize it,” McNeely said.

stethoscope“Providers have had no bad intent,” Hennessy added. “They just reach out to say they hope a patient is doing well or they’re sorry to hear a patient is having a tough time or they’re sad to hear that someone has passed away. But, unfortunately, that is generally going to be a HIPPA breach, which requires notification. We’ve also had situations where providers don’t understand that even though something is common knowledge within a small community — that a patient is sick or is having surgery or has cancer — that is protected.”

To reduce the risk of a breach, Hennessy said many providers have adopted social media polices, so staff understand — and learn to avoid — how they can get themselves into trouble.

Companies that support health care providers, such as document shredding services, are also facing issues with confidentiality, partly because they don’t recognize that they are bound by the same HIPAA regulations as their clients.

“That can sometimes be a surprise,” Hennessy said. “You think of yourself as a document shredding company who works for a lot of companies and one of them just happens to be a health care company.

“Another big deal right now is cyberattacks,” Hennessy added. “Many clients have been affected by those attacks, like the one at Anthem, and trying to understand exactly what’s happening with that from a technology perspective is important for them. They don’t just want us to provide legal advice, they want to understand what’s going on with their systems.”

Which is why, McNeely and Hennessy said, they sometimes feel like they’re simultaneously practicing health care law and getting an education in information technology. That is why consulting IT experts has proven invaluable such an ever-changing environment.

“Everything is evolving so quickly. You really have to stay on top of the technology,” Hennessy said.

Polls

Should Steven Avery be granted a new evidentiary hearing?

View Results

Loading ... Loading ...

Legal News

See All Legal News

WLJ People

Sea all WLJ People

Opinion Digests