Health care providers, practices and health systems increasingly have many computers, tablets, external storage devices, etc. circulating among various offices with many providers. However, not all practices and health care systems recognize the importance of the encryption of their devices to protect patients’ protected health information (“PHI”).
AHMC Healthcare, a six-hospital health system in Alhambra, California, experienced first hand why encryption is imperative for electronic devices that contain PHI: “In one of the biggest HIPAA privacy breaches ever reported, [AHMC Healthcare] notified 729,000 patients that their protected health information has been compromised following the theft of two unencrypted laptops by a transient. The laptops contained data on patients seen at all six of AHMC Healthcare’s hospitals. Officials say the office where the laptops were stolen was video monitored, and the campus was gated and “patrolled by security.” However, the transient was able to walk out with the laptops with no issues Oct. 12. Patient names, Medicare data, medical diagnoses and insurance and payment information were all contained on the two laptops.” “The AHMC Healthcare breach is the 11th biggest HIPAA data breach to date, according to data from the Department of Health and Human Services.” Article.
As a direct result of the breach, AHMC Healthcare expedited the encryption of all of its laptops. Health care systems, providers and practices should heed the lesson AHMC Healthcare experienced before having to notify their patients and the government.
Healthcare providers must also be proactive and update their policies and procedures requiring encryption on all devices to protect patients’ PHI.
Tell us how your organization protects its information? Share your ideas with us by clicking on the comment button below. We’d love to hear from you.
Get “News You Can Use” delivered directly to your e-mail inbox. Click here to Subscribe.