Dexcomm Blog

HIPAA Case Study: Employee accesses PHI through a web portal intended for physicians

September 11, 2012

In September 2009, the Health and Human Services’ Office for Civil Rights (OCR) began tracking healthcare information breaches affecting 500 or more individuals. Since then, 489 breaches affecting 21 million individuals have been recorded. OCR began tracking breaches in 2009 as part of the HITECH Act-mandated HIPAA breach notification rule. Federal officials have said that a final version of the breach notification rule will be issued by the end of the year as part of an omnibus package of regulations that will include HIPAA modifications.


One of the most recent and largest breaches added to the OCR tally occurred at a multiunit healthcare facility in Mississippi. A statement released by the system’s representative and posted on its website indicates that the facility is committed to maintaining the privacy and confidentiality of its patients’ information at all times. During a review of its patient information system conducted in April 2012, the facility became aware of a possible breach. Using a web portal, an employee of an affiliated physician’s office may have been accessing patient information that was intended for physicians’ eyes only.

 

This facility is one of many healthcare providers auditing records access to clamp down on unauthorized usage. According to its HIPAA privacy/security officer, the hospital has reduced incidents of inappropriate access from 50 per month to fewer than one or two incidents every couple of months. The access monitoring system that the hospital uses is provided by FairWarning, a privacy breach detection service for healthcare providers. It provides alerts and daily reports on incidents of inappropriate access and allows the hospital to audit user activity simultaneously across all audit sources.

 

"Automated reporting alerts you to potential inappropriate activity within hours of occurrence, versus days, weeks, or months after occurrence," the HIPAA privacy/security officer says. "This is vital for detecting possible breaches quickly, so subsequent investigations can be launched in a timelier manner."

 

The constant modifications to HIPAA regulations and monitoring by OCR have made it vital for healthcare professionals to secure electronic protected health information (EPHI). The first step in safeguarding EPHI is to perform a risk analysis to determine the level of risk. In addition to providing training to employees and changing passwords routinely to prevent unauthorized access, healthcare professionals should also consider using an access monitoring system such as FairWarning. Healthcare organizations should also ensure that affiliates and IT vendors are HIPAA compliant.

 

Our Dexcomm experts have put together resources to assist you with HIPAA compliance:

HIPAA & Your Business Associates

HIPAA Threats & Breaches

Dexcomm Gets HIPAA

 

For more on the case study:

http://www.mhs.net/pdf/release071112.pdf

http://www.databreachtoday.com/25-health-breaches-added-to-tally-a-5059

 

 


Dexcomm is a Louisiana-based corporation that provides answering services to businesses and service agencies across the United States. We have been open since 1954, employ a staff of nearly 100 people, and our average client retention rate is 10+ years.
