Medical Data Breaches: The Latest Health Care Epidemic
Obeying HIPAA Rules
Counting the Cost of Security — and Insecurity
Taking Preventive Measures
- Concentra Health Services was fined more than $1.7 million because one of its facilities, the Springfield Missouri Physical Therapy Center, had an unencrypted laptop stolen.
- Adult & Pediatric Dermatology, P.C., a group practice with offices in Massachusetts and New Hampshire, was cited by OCR because an unencrypted thumb drive containing the ePHI of approximately 2,200 individuals was stolen from the vehicle of one of its staff members. The practice agreed to pay $150,000 for the violation.
- Seattle-based Providence Health & Services was fined for leaving backup tapes, optical disks, and laptops containing unencrypted PHI unattended; the media were subsequently stolen.
Don’t Overlook Password Protection
- A capital letter
- A lowercase letter
- A number
- A special character like %, #, *, or @