Wednesday, February 13, 2013

Patients Sue Over Data Theft; Experts Say Prevention Needed

In a $50 million class action lawsuit, plaintiffs claim a hospital was negligent, breached fiduciary duty and violated several laws, including HIPAA, when a former hospital worker stole their personal information and allegedly opened fake credit accounts.

Identity theft at hospitals often reveals how patient information can be stolen to commit fraud. But experts, such as Brian Evans, of Tom Walsh
Consulting, agree preventive measures are needed.

"Unauthorized access has been a common problem in every healthcare organization I've worked in...Without proper auditing in place, it's difficult to quantify the scope of employees taking advantage of privileges they have for non-work related purposes like snooping." - Brian Evans, Tom Walsh Consulting
Besides limiting employee access to patients' sensitive information, healthcare organizations can take other steps to prevent identity fraud involving insiders, says Brian Evans. That includes deploying monitoring and breach detection tools, as well as ramping up employee training.

"Organizations' awareness and training programs clearly need to educate the workforce on policy and proper conduct with potential consequences for infractions," Evans says. Also, healthcare organizations can employ breach detection solutions that can flag data access anomalies, he suggests.

Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.

"Written policies and procedures are enforced with a technical solution and unauthorized access is detected and addressed accordingly," Evans says. "More importantly, an organization's culture is changed because consistent and ongoing auditing and monitoring is established, which acts as a deterrent with disciplinary action as the outcome for those employees found in violation of policy."

Sources:
(a) Patients Sue North Shore-LIJ Over Data Theft - www.ModernHealthCare.com, 2/12/2013
(b) Arrests, Lawsuit in Hospital ID Thefts - www.HealthCareInfoSecurity.com, 2/08/2013

No comments:

Popular Posts

Copyright © 2010-2011 by Veriphyr Incorporated, All Rights Reserved.

Contact us at Veriphyr.com.