A shadow chart is a form of protected health information that is difficult to manage. HIPAA's privacy and security standards help increase the safety of this information. Shadow charts are created and used for various reasons. When primary records are not accessible, physicians tend to make copies of them for easy access and reference. Physicians also use them for billing. Shadow charts are not as complete or accurate as the primary record. There is no proper procedure, tracking, or accounting for the release of information from shadow charts. There are no strict HIPAA rules for the security of patient information in shadow charts, but they are subject to the covered entity's policies and procedures. In most cases, shadow charts become records completely separate from the primary record. Where a shadow chart contains patient information associated with an episode of patient care that is not included in the electronic record, that documented information should be scanned into the electronic record and added to the original permanent legal record.
A2. Ways to reduce security breaches of patient health information:
Information technology staff can help decrease incidents of security breaches in the following ways:
a) Give staff who handle patient information restricted access. Employees should have access only to the information that they deal with.
b) There should be continuous monitoring of how access to patient information is used. Audit trails should be run to find out whether there have been any breaches. Strict policies should be implemented to prevent password sharing.
c) There should be restrictions on the passwords created by users with regard to complexity, maximum and minimum duration of the password, password history, etc. Login information should be changed once every three months to keep