Healthcare News & Insights

Recent data breaches show importance of properly handling patient info

Training employees to properly handle confidential patient data can result in fewer headaches for your hospital and a smaller chance of data breaches.

This is especially important in the wake of two recent reports where hospital staff members have been accused of selling patient info to third-parties.

Accessing too many files

In one instance, an employee at a Florida hospital allegedly accessed over 700,000 patient records, which contained dates of birth, Social Security numbers and insurance info.

Dale Munroe, who registered patients in the emergency department of Florida Celebration Hospital, is being charged with taking the info of patients who had been in car accidents and handing it over to someone who gave it to chiropractors and attorneys in exchange for a fee.

The scheme was uncovered when a hospital employee was contacted by one of the third-party recipients of patient info. Knowing patient records were supposed to be confidential, the employee alerted the hospital, and an investigation followed.

Suspicion was raised when authorities discovered the sheer number of records Munroe accessed. The average employee in his position only accessed around 12,000 patient files in the same time period.

After the investigation ended, Munroe was arrested and charged with violating HIPAA privacy regulations.

Social Security numbers compromised

The University of Miami Hospital reported the second data breach. In this case, two employees took patient info from registration “face sheets” and sold it to third-party companies.

The face sheets contained patients’ names, addresses and birth dates, as well as their insurance policy numbers.

Social Security numbers were encrypted except for the last four digits, but since some insurance companies, including Medicare, use Social Security numbers as policy numbers, this info was readily available for some patients.

Once confronted, the employees admitted their guilt and were immediately terminated.

Patients who visited the hospital between October 2010 and July 2012 were at risk. The hospital has sent affected patients a notification letter offering them free credit monitoring services.

Protecting patient info

These examples drive home an important point: Confidential patient info should never be provided to third-parties under any circumstances. All staff members who have access to patient records need to be aware of this fact, from front-desk staff to clinicians.

Regular training sessions reminding employees about best practices with handling patient records, and the consequences that could arise if they don’t, are essential to avoiding similar situations.

Subscribe Today

Get the latest and greatest healthcare news and insights delivered to your inbox.