Tuesday, June 18, 2013

Must Privacy Breaches Require "IT Gymnastics"?

A privacy breach of diagnostic images and personal information on 500 patients was reported by a Canadian hospital.

The breach was the result of a staff physician sharing his username and password with a physician not affiliated with the hospital. While physicians often share information with others in the course of providing care, there are regulations that must be complied with to protect patient confidentiality. In this case, it seems the regulations were not followed, and the Information and Privacy Commission of Ontario is investigating.

"The privacy breach was discovered in early April and it took multiple gymnastics from an IT perspective to be able to come up with a list and determine to what extent and when it began."
- Andree Robichaud, CEO Thunder Bay Regional Health Sciences Centre

The hospital CEO noted that "multiple gymnastics from an IT perspective" were needed to determine when the breach began and its extent. Such IT gymnastics can be eliminated by using Identity and Access Intelligence (IAI) SaaS analytics services.

Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.

Sources:
(a) Hospital Apologizes for Data Breach - www.seclists.org, 05/28/2013

Copyright © 2010-2011 by Veriphyr Incorporated, All Rights Reserved.
