HIPAA Case Study

One of a medical organization's worst nightmares has become a realization for a Louisiana based hospital system. The nightmare trifecta of a privacy breach, identity theft, and the intent to create fraudulent checks issued underneath almost 500 patient's name became a reality for the hospital system on November 14, 2012.

Privacy Breach, Identity Theft and Fraudulent Checks

According to the Healthcare Journal of Baton Rouge, law enforcement agencies notified the hospital's administration that one of the hospital's own employees had been accessing images of patients' personal checks to the hospitals to steal the information for creating fraudulent checks. With the full cooperation of the hospital, authorities believe the now former employee began the criminal activity as early as January 2012. The information that was illegally accessed through the privacy breach differed between each victim. The patient's protected health information (PHI) records were accessed for personal information such as checking account numbers, date of birth and social security numbers.

The hospital system has launched its own internal investigation and began notifying patients. All of the victims have been urged to monitor their credit history and alert authorities to any unauthorized access to their accounts.

 Assessment Protection

There are several good reasons to performing a HIPAA Risk Assessment in your office but mainly because it is the law. A risk assessment can help you to identify where your Protected Health Information (PHI) lies in your organization.

From equipment to files, there is PHI being stored everywhere....so, protect yourself.

Our HIPAA experts have developed a free eBook to assist you to remain in compliance with HIPAA laws.