Dexcomm Blog

HIPAA Case Study: An Employee Selling PHI for Profit. Would You Have Recognized the Threat?

September 04, 2012

Typing on KeyboardA Florida hospital is currently dealing with a massive breach that is affecting over 760,000 patient’s protected health information (PHI). Concluding almost a yearlong investigation, the hospital is relieved that the source of the breach has been discovered. The former employee has been arrested and accused of unlawfully accessing thousands of patient records from several hospitals involving emergency room visits. The accused was a former ER Registration Representative whose alleged intent was to disclose, sell or transfer the patient records for personal gain. He was terminated from the hospital for accessing unauthorized records in a separate incident.

 

The man arrested retrieved the victim’s records who were involved in car accidents. Consequently, the victims received solicitations from attorneys and chiropractors. The preliminary hearing is slated for today, September 4, 2012, which prosecutors hope to bring those who purchased or utilized the records unlawfully up on charges.

 

Protecting your organization from breaches doesn’t stop with your own employees. In the absence of a business associate agreement with your vendors you may also be responsible for their breaches. Dexcomm knows that our own security and privacy procedures can serve as a model for our customers. That’s why we work hard to bring valuable information and resources to you. We have compiled an eBook titled, HIPAA Threats and Breaches, as a resource guide.

 

It includes information on security checklists, an easy risk assessment template, and some sample documentation for HIPAA breaches. Click here to read the Dexcomm e-book on HIPAA Threats and Breaches.

 

webcam

A requirement for HIPAA compliance and a way to prevent breaches is to have a security and privacy officer within your organization. Without someone filling these roles in your organization, not only is a breach more likely, but also the penalty for such a breach is probably going to be more severe. The person who fulfills either of these roles does not need to be full time. It can be a part-time function that the incumbent fulfills on an as needed basis.

 

A security and privacy officer’s role includes everything from overseeing a risk analysis to keeping up with the latest HIPAA news and updates. It also includes overseeing functions like vendor management and physical security. Having one person accountable to ensuring necessary precautions are carried out is a vital part of your risk management plan.

 

Visit our website at www.dexcomm.com for more articles and publications on HIPAA.

 

CableFor more on this story


Dexcomm is a Louisiana-based corporation that provides answering services to businesses and service agencies across the United States. We have been open since 1954, employ a staff of roughly 50 people, and our average client retention rate is 10+ years.

Connect With Us:

Twitter

Facebook

LinkedIn


 

Read More About The Author: Dexcomm

Want To Stay In The Know? Subscribe to our blog!

You can sign up to receive weekly or monthly copies of our latest blogs, keeping you current on best practices, tips, and expert insight into helping your business communicate at its very best.


why-use-an-answering-service-thumbWhen you do, we will send you our free infographic.

"Why Use an Answering Service?"

 

Subscribe Here!

Lists by Topic

see all