PracticalDermatology

We are a society obsessed with data. Most of us focus our efforts on trying to protect data, such as keeping our mobile phone number off the rolls of spammers or, more importantly, protecting our personal information from identity thieves. Others are obsessed with collecting data. Google’s value, for example, is in the tremendous amount of information it collects about users and can share with advertisers.

As physicians, we tend to focus our data gathering on patient management. When did the rash begin? Do you smoke or use drugs? Is there a history of eczema in your family? Is your condition causing social anxiety?

As healthcare business people, we deputize our staff to collect other important data—notably insurance numbers and billing addresses—so that we can get paid to do the work we do. As Dr.Schlessinger discusses in his article on p. 21, we can glean valuable information from our existing data, as long as we organize information in the right way and review it properly and with regularity. And, he notes, if we make an effort to gather patients’ e-mail addresses, we have a key piece of data with which to communicate with and market to our base.

Dr.Schlessinger rightly points out the need to protect our financial practice data as well as patient health data and to comply with regulations relating to patient privacy, notably HIPAA. But it is also important to remember that we as physicians must maintain ultimate responsibility over our data. Too often, we not only allow staff necessary access to data but also yield complete control over it. Think about it. Do you have the passwords needed to access your billing system? The scheduling system? Your practice’s online banking records? The current practice accounting files? Have your employees set their own passwords for access to their computers?

When my long-employed practice manager left my practice a few years ago, I suddenly realized that I could not readily access much of the data for my practice financials and for my patients’ records. I had allowed her to set pass- words and I did not require her to tell me what those were. We have to provide certain staff members access to critical information in our practices, and to this end we hire competent individuals we believe we can trust. Yet, we must be realistic and wise. We protect ourselves by ensuring that staff are trained on HIPAA regulations and have them sign forms indicating that they understand and will comply with privacy and confidentiality policies. This is just a first step. Set guidelines on the appropriate use of your practice’s data and set clear standards for who may access that data. Be sure that you know all passwords or have an over-ride password for all systems, so that you have access to critical data at all times. It’s your practice. It’s your data. It’s your livelihood.