Tuesday, June 19, 2012

707 Patients' Medical Records Compromised by Single Rogue Employee Due to Insufficient Privacy Breach Detection

An employee of a hospital in Nova Scotia, Canada was fired for inappropriately accessing patient medical records. After a co-worker raised a concern to the employee's manager, the hospital performed an exhaustive audit covering the past 2 years.

The time-consuming audit of application logs in the electronic medical records (EMR) and other clinical systems revealed the employee had viewed the 707 patient records without authorization or a valid reason.
"Even if it's one or two people whose information was accessed inappropriately, that would be too much." - Fraser Mooney, a spokesman for hospital
Better Privacy Breach Detection Needed
Accoding to the CEO's appology leter the hospital "does regular audits of access to electronic health records and we use auditing software to help identify any possible cases of unauthorized or inappropriate access to patient information". Given that the employee privacy breaches went detected for 2 years the hospital's current solution appears to be inadequate. Moreover, the privacy breach was discovered by a suspicious co-worker and not discovered by their privacy breach detection software.
Download a white paper on patient privacy breach detection that works. Learn how to proactively identify unauthorized breaches of patient data privacy, when they happen not 2 years later - with no hardware and no on-site software.
The hospital has notifyed and apologized to hundreds of patients whose privacy rights were violated. Interestingly the hospital refused to provide the name of the former employee and said it had no plan to pursue criminal charges against him or her.

This is the second major privacy breach in one of Nova Scotia's health districts this year. A previous privacy breach involved over 120 patients at a different hospital that works.

Sources:
(a) 707 patients notified of privacy breach at Roseway Hospital - Global Maritimes, June 14, 2012
(b) South West Health CEO issues statement on policy breach - The Yarmouth County Vanguard, June 15, 2012

No comments:

Popular Posts

Copyright © 2010-2011 by Veriphyr Incorporated, All Rights Reserved.

Contact us at Veriphyr.com.