Tuesday, May 29, 2012

Medical Network Enables Privacy Breach Across Hospitals

Insight on the Potential Privacy Implications of Health Information Exchanges

An employee of a Connecticut medical practice used her computer privileges to access her estranged family's electronic medical records at a nearby hospital.

The victims became suspicious when the employee tried to use the information against them in a legal matter.

The victims then requested time-consuming audits of all access to their medical records at both the medical practice and the hospital. This resulted in the discovery of at least 14 privacy breaches of their electronic medical records between 2007 and 2012.

"How does this go on for so long without her being caught? Now she knows things about my health that my own son doesn't know. That's creepy."
- Victim of Patient Data Privacy Breach

Even though the victims were never patients of the perpetrator's medical practice, she was able to access another healthcare organization's medical record system to violate the medical privacy of her brother, sister-in-law, and nephew. This is an important case because the ability of healthcare workers to access medical records at other healthcare organizations will expand dramatically with the introduction of Healthcare Information Exchanges (HIE).

Finally, more than two months after confirming the medical record breaches, the perpetrator was arrested on charges of committing a fifth-degree computer crime for the "unauthorized access to a computer system". This Class B misdemeanor carries a maximum penalty of up to 6 months in prison and a fine of up to $1,000.

"Your records may be seen by hundreds of strangers who work in health care, the insurance industry, and a host of businesses associated with medical organizations."
- Privacy Rights Clearinghouse

The victim stated that both the medical practice and the hospital should have detected that her family's records were being accessed inappropriately long before she brought it to their attention. Their own patient privacy breach audits, she said, should have caused them to question why the perpetrator was accessing a relative's records and put an immediate stop to it.
Sources:
(a) Waterford woman charged in privacy case - The Day, May 12, 2012
(b) HIPAA Basics: Medical Privacy in the Electronic Age - Privacy Rights Clearinghouse


Copyright © 2010-2017 by Veriphyr Incorporated, All Rights Reserved.