Tuesday 23 August 2011

Business With This Doctor?



A local doctor had been using my favorite offsite backup service for a few years. He decided to reduce costs by canceling this service. I reminded him that the service worked reliably and he had already experienced a successful real-world data recovery.
I reminded him that patient data was encrypted a) as it traveled across the Internet and b) on the backup service's servers. I obeyed his wishes and canceled his offsite backup account.
A week later, I asked him how he was backing up his patient data. He told me, "I am backing it up on two $75 external drives from a local electronics store. I take them to my car. There I have a plastic box connected with a steel cable to the console. I put the hard drive in my car on Monday night and drive home. I swap these drives between the office and my car. Mark, I know you advocate backing up my patients' data to Boston...I just feel my solution is better. If something happens to the car, I can claim that I took reasonable precautions to protect my patients' medical records. I am compliant with state and federal HIPAA laws. One of the drives is always in the office and one is always in my car."
I kid you not.
I felt this was an awful idea and replied, "OK, let's see how things would play out if a disaster happened. Let's suppose you leave work one day and cannot find your car. In your usual parking spot is a pile of glass. Your car is gone. The drive with your patients' data is gone. You call 911 and report a car theft, and you tell the operator your car and a hard drive with 1,200-plus patients' medical records is gone. Sheriff's deputies come over to fill out a report.
"At the local paper, somebody listens to a police/fire scanner 24 hours a day. The reporter hears a) 'car theft,' b) 'prominent doctor,' and c) '1200-plus patients' medical records.' You become tomorrow's front page news. You also notify your 1200-plus patients that their nonpublic medical information may have been compromised because somebody stole your car. You may say you took reasonable precautions to protect patient medical records. You may say you were HIPAA compliant when you notified patients that your car was stolen.
"That won't stop you from becoming a local celebrity. You will become 'The doctor who kept patient medical records in his car all day.' That won't stop patients from taking their business elsewhere. They no longer trust you. Your fine reputation will be gone and your practice will be in jeopardy. Nothing you can do will fix that."
Now let me ask you: would you trust this doctor with your medical records? Why or why not?
Nobody is immune from disasters. How would you respond? Would you continue using this doctor?
Mark Anthony Germanos is a business author and speaker. He wrote Escape the Cubicle: How to leave your corporate or government job for something better after leaving corporate America and becoming happily self-employed.
He shares traits that he sees in successful businesses and bad habits he sees in those barely surviving. He helps people get over the fear of becoming self-employed. He helps people make better decisions with SWOT Analyses, utilize social media to attract customers and decide where they should focus their time, energy and attention.

