Resource Library

Creating mobile device policies can be tricky. Burdensome security policies and strategies that diminish productivity will most likely result in employee workarounds that defeat security efforts.^1,2 Additionally, human error and criminal intent can defeat the best-intentioned employee laptop and storage device security strategies. Despite these difficulties, mobile device policies are a necessary part of a comprehensive information security program to prevent HIPAA data breaches.

A review of the data on the OCR Breach Portal indicates that only about 20 percent of healthcare data breaches through 2017 are the result of hacking, but they involve large numbers of records.¹ Unfortunately, the healthcare industry also has more data breaches than any other industry.² There are various reasons for this. We describe some of those here and offer recommendations for preventing HIPAA data breaches caused by criminal hackers.

The most conservative addiction and overdose prevention policies and procedures can’t protect a primary care clinician from inheriting a patient who is taking high doses of opioids for chronic pain. In many cases, because of the patient’s limited resources or the limited number of specialists in the community, primary care clinicians are expected to satisfy the patient’s needs for specialty care, including pain management, mental health, and physical therapy. Although there is no perfect solution for clinicians faced with these challenging patients, the following recommendations can decrease the risk of overdose and increase the chance that patients can be transitioned to safer pain management:^*

Physicians need to be especially careful when managing chronic pain with opioid medications. Medical practices often seek risk management advice when they suspect a patient is misusing prescription medications, is not complying with treatment, or when the patient is making unreasonable demands for more opioids. If a patient suffers harm as a result of opioid medication use, a physician may become the target of a lawsuit alleging negligent treatment of chronic pain.

NORCAL’s risk management specialists were asked to provide EHR liability risk issues they were seeing in the field. In addition to the issues covered in the EHR case studies presented in the March 2014 issue of Claims Rx, their list included: