Healthcare News & Insights

Two hospitals report security breaches: Avoid their mistakes

Two recent incidents involving hospital data breaches illustrate why your hospital needs to have policies and safeguards in place to prevent these problems before they arise. 

In one data breach, an employee at Reading Hospital, in Pennsylvania, used the protected health information (PHI) of several patients for a training exercise. The unidentified person used printed copies of medical records in a class on medical coding and billing at an offsite, unaffiliated educational facility.

Data exposed by the breach included the patients’ medical records, test results and prescription information, along with their Social Security Numbers.

Once the hospital became aware of the breach, it immediately began crisis control, firing the employee in question and notifying patients of the incident.

The other data breach occurred when an employee at Boston Children’s Hospital lost a laptop containing a file with the PHI of more than 2,000 patients while attending a conference in Buenos Aires, Argentina.

Patient info in the file included names, birth dates, and details about their diagnoses and treatments. Although the laptop was password protected, the info saved on it wasn’t encrypted.

The hospital notified patients of the breach via e-mail.

To prevent something like this from happening at your hospital, it’s essential to foster an environment where healthcare data security is a concern for everyone, not just the IT department.

Train all employees on the proper protocols for handling PHI. Make sure they know exactly what should and shouldn’t be done with patients’ medical information. That way, protecting sensitive data will be at the forefront of their minds.

Know how and where PHI is stored in your hospital, and make sure to control access as much as possible so that data doesn’t fall into the wrong hands. If it does, have adequate security controls in place to protect the information, tailoring them to how your data is stored. For example, encrypt PHI that’s saved on computer hard drives. Passwords alone aren’t strong enough.

And don’t underestimate the power of risk assessments. They’re required by HIPAA, but they’re also invaluable tools for learning just how data flows throughout a hospital. A risk assessment is one of the best ways to discover problems and fix them before they lead to breaches.
