A newly-published study in JAMA Open has revealed that email alerts can be an efficient way to reduce the amount of unauthorized access to secure health information (PHI) that hospital staff members make. The Transparent Reporting of Evaluations With Nonrandomized Designs (TREND) reporting standard served as the basis for this study, which was conducted in a prominent academic medical center.
Previous research indicates that major academic medical centers are more vulnerable to PHI breaches than other hospitals. Approximately one-fourth of such data violations are caused by personnel who have not been given the correct permission to access the information. Data breaches have the potential to have serious consequences for both patients and health care providers, impacting their finances, reputation, and overall clinical outcome.
In this study, a non-randomized controlled trial was conducted to explore the potential of email warnings for preventing further unauthorized access to protected health information (PHI). Between January 1 and July 31 of 2018, 444 workers at a medical center had accessed patient electronic medical records without authorization, though no identifiable private information or biospecimens were compromised. The experiment split these 444 workers into two groups of equal size, 219 control and 225 test subjects, who did not differ in any significant manner. All of the test subjects were sent an email notification on that same day, stating that they had accessed a patient’s electronic medical record without any authorized work-related purpose and that such an action violates the privacy of the patient.
The results of the research showed that only 2% of individuals who were given an email alert repeated their unauthorized access, compared to 40% of those in the control group. This significant difference of 95% demonstrates that email warnings can be an effective tool in preventing further unauthorized access to PHI. The study emphasizes the importance of preventing repeated access to PHI, as this can result in serious financial, reputational and clinical risks for patients and healthcare organizations alike. Therefore, email warnings following the initial unauthorized access can be a beneficial measure for risk management.
The researchers conclude that using simple email warnings in conjunction with an access control system can help reduce unauthorized access to PHI. However, they did note that the study’s results may not necessarily be applicable to all settings, and further research is needed to better understand the prevalence and effectiveness of email warnings in other medical organizations. Nevertheless, they argue that the research highlights the necessity for continual risk management measures to prevent PHI breaches, due to the financial, reputational, and clinical dangers associated with such breaches. By enforcing these types of measures, healthcare organizations can help protect their patients’ right to privacy and security and minimize the potential financial and reputational damage that can occur due to PHI breaches.
