Working in the healthcare industry requires Notaries not only to follow state laws regulating their notarial acts but also to comply with federal and state privacy laws. To shed more light on the subject, the Healthcare Professionals Section spoke with Tena Friery, a healthcare privacy expert with the Privacy Rights Clearinghouse in San Diego, California, about steps Notaries need to take to protect sensitive information in a healthcare setting.
How serious are the problems of healthcare organizations keeping personal patient data secure?
By all accounts, instances of unsecured medical data are steadily increasing. For example, a 2011 study by Veriphyr found that 71% of healthcare facilities had experienced a data breach in the last 12 months. The Stanford University Medical Center breach was one recent example. That involved 20,000 emergency room patients’ information that was posted on the Internet. There are also numerous instances of breaches involving more than 500 people posted on the Department of Health and Human Services website.
How are Notaries affected by federal and state healthcare privacy laws?
Notaries who work for healthcare facilities are also subject to HIPAA, the federal medical privacy rule. In California, state privacy laws apply to other facilities such as home health agencies and hospices, in addition to those covered by HIPAA. Notaries are also regulated by state law. It’s quite likely a Notary who works for a healthcare facility will have duties in addition to notarizing.
This means that Notaries, unlike other healthcare workers, are subject to multiple layers of regulations at the state and federal level. If there’s a privacy violation, healthcare employees, just like the facility, are subject to penalties. With that, the most important thing anyone who works in a healthcare setting should do is to be fully versed on privacy and data security laws.
Do you have suggested steps Notaries should take to protect this information in their journal or recordbook?
For “paper” records, such as a Notary’s journal, the best advice is to keep the records under lock and key, with access limited to authorized persons with a legitimate need to know. Proper disposal of both paper and electronic records is another key to security. Paper records should never be discarded in the trash, nor should electronic devices be sold without scrubbing.
Is it important for Notaries to secure sensitive information within an office setting?
Journals, though not the property of the healthcare employer, might also include information that is considered personal health information subject to HIPAA. Personal health information is not limited to a diagnosis or test results, but includes any information that can identify the individual, such as Social Security number, credit card number or driver’s license. In the Veriphyr study, the most common data breaches involve simple snooping into the records of other employees, family members or friends. Leaving journals or any other sensitive information out in the open is just inviting trouble.