Can Your Printer Cause a Data Breach?

It did for University of Pennsylvania patients.

The University of Pennsylvania Health System (Penn), through its billing business associate, RevSpring, inadvertently sent patients bills containing both their information and information of other patients.  “RevSpring, a Michigan-based billing vendor used by Penn, believes the misprinted bills which caused the data breach were due to a printing malfunction. While the front of the statements were printed correctly, the reverse contained a second patient’s information.  Penn stated that the information was limited to patient names, physician names, service and test information, and the amount owed by the patient, and did not include dates of birth, diagnoses, insurance numbers, or Social Security numbers. While an exact number of affected patients was not given, Penn noted that it was more than 1,000.  RevSpring reported the error to Penn on December 5, and has since notified affected patients and investigated the incident to prevent a recurrence.”  Article.

Interestingly, and although not guaranteed, the Department of Health and Human Services (HHS) said it would not penalize an unintentional data breach that is corrected within 30 days, but it is unclear whether Penn’s response to the breach would be enough from HHS’s perspective.

Health care providers are relying more and more on technology being incorporated into their practices. This includes electronic medical records, data exchanges between satellite offices, internets, intranets and extranets, and business associates and their subcontractors. However, as health care providers rely on technology, they must have the appropriate policies and procedures in place to ensure that unsecured protected health information (“PHI”) is not inadvertently disclosed to the wrong patients.

Given the devastating civil and criminal penalties associated with data breaches, as well as the reputational harm, health care providers need to work with a health care attorney who specializes in preparing and implementing appropriate policies and procedures, and effectively train staff to avoid potential data breaches.
