Thursday, November 13, 2014

Terminated Worker Accessed Hospital Billing System

An terminated employee of a Kentucky hospital improperly accessed patient information on a billing database maintained by a third-party company. Names, addresses, dates of birth, and in some cases Social Security numbers and diagnosis, of 697 patients were breached.

While the breaches were discovered during an audit in April 2014 they had been going on for a year, between April 2013 and March 2014. The former employee's logon credentials to this outside vendor had not been disabled.

"When an employee is terminated, their login credentials to vendors’ databases with PHI must also be terminated. How often do you verify that it is actually being terminated properly?." - PHI Privacy
Healthcare organizations seeking to rapidly confirm all access has been disabled, rather than depending on an occasional audit, can utilize low-cost on-demand SaaS access analytics services.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Terminated employee continued to access Bon Secours’ patients’ billing information - www.PHIprivacy.net, 11/10/2014

No comments:

Popular Posts

Copyright © 2010-2011 by Veriphyr Incorporated, All Rights Reserved.

Contact us at Veriphyr.com.