A Florida hospital is currently dealing with a massive breach that is affecting over 760,000 patient’s protected health information (PHI). Concluding almost a yearlong investigation, the hospital is relieved that the source of the breach has been discovered. The former employee has been arrested and accused of unlawfully accessing thousands of patient records from several hospitals involving emergency room visits. The accused was a former ER Registration Representative whose alleged intent was to disclose, sell or transfer the patient records for personal gain. He was terminated from the hospital for accessing unauthorized records in a separate incident.
The man arrested retrieved the victim’s records who were involved in car accidents. Consequently, the victims received solicitations from attorneys and chiropractors. The preliminary hearing is slated for today, September 4, 2012, which prosecutors hope to bring those who purchased or utilized the records unlawfully up on charges.
Protecting your organization from breaches doesn’t stop with your own employees. In the absence of a business associate agreement with your vendors you may also be responsible for their breaches. Dexcomm knows that our own security and privacy procedures can serve as a model for our customers. That’s why we work hard to bring valuable information and resources to you. We have compiled an eBook titled, HIPAA Threats and Breaches, as a resource guide.
A requirement for HIPAA compliance and a way to prevent breaches is to have a security and privacy officer within your organization. Without someone filling these roles in your organization, not only is a breach more likely, but also the penalty for such a breach is probably going to be more severe. The person who fulfills either of these roles does not need to be full time. It can be a part-time function that the incumbent fulfills on an as needed basis.
A security and privacy officer’s role includes everything from overseeing a risk analysis to keeping up with the latest HIPAA news and updates. It also includes overseeing functions like vendor management and physical security. Having one person accountable to ensuring necessary precautions are carried out is a vital part of your risk management plan.
For more on this story: