Healthcare News & Insights

Protect patients’ data from insider snooping

For healthcare providers, the biggest security threat is often the organization’s own employees. That’s what one Florida hospital recently learned. 

computer-security-2Holy Cross Hospital, based in Fort Lauderdale, recently announced a data breach involving a former employee who was stealing patient information for almost two years.

According to the hospital, the ex-staffer stole the files of about 9,900 patients from November 2011 to August 2013. Information breached included Social Security numbers and protected health information. Officials said the employee, who has been fired, may have intended to use the data to file fraudulent tax returns.

That wasn’t the first time an insider threat led to a data breach at Holy Cross. In 2010, 1,500 records were also stolen by former hospital employees.

Stop insider threats

Unfortunately, all healthcare organizations face the threat of insider snooping. Those types of breaches happen for a number of reasons, such as criminal intent or employees’ curiosity — for example, if unauthorized employees access the information of a celebrity who was treated at the hospital.

To keep patient data safe from those threats, here are some steps hospitals can take:

1. Train employees

Many privacy breaches happen because employees don’t that what they’re doing is against the law or that there are serious consequences for looking at information they aren’t authorized to see. Making sure all employees are trained on HIPAA rules and other regulations can have a big impact on staff members’ behavior.

2. Conduct background checks

Healthcare employees have access to a lot of sensitive information that can be used in criminal activities. An effective screening process can help weed out people who may abuse that access for malicious purposes.

3. Watch for ex-employees

In addition to people currently on staff, organizations can face threats from people who have quit or been fired. Often people take data on their way out the door, and 16% of employees say they can still access accounts at places where they no longer work, according to a survey conducted by Harris Interactive and Courier.

To avoid that, it’s important for IT and other departments to be in close communication so the tech staff is aware as soon as someone leaves the company or changes roles.

Subscribe Today

Get the latest and greatest healthcare news and insights delivered to your inbox.