Is it still a breach if there is no known harm?

Even if a healthcare organization isn’t sure if breached information is accessed or used, it is still a breach. This is true unless the information is unusable, such as encrypted information. For example, a possible breach at McLaren Oakland Hospital that exposed over 2,200 patient files still required McLaren to report the potential breach and notify patients.

We can help your practice stay on top of the latest healthcare news, rules, regulations and trends.  Subscribe to stay current and up to date on important matters that will impact your practice.  (To subscribe to our blog click here).

So what happened that caused McLaren Oakland Hospital to notify patients?

A computer desktop file was found to have an unauthorized and unsecured link to a file containing protected health information (“PHI”).

The link was left open by an employee and there was no evidence of fraud. Patients were notified to check their financial information and credit reports for any irregularities.

McLaren offered to provide free identity theft monitoring and protection services.

Even a breach with no known harm can be costly to a healthcare facility. It can result in fines and burdensome requirements from the Office of Civil Rights, a loss of patient trust and patient base, and costly mitigation efforts.

Breaches continue to be rampant in healthcare. With many employees working remotely, it is essential that employees be trained on proper cyber security and phishing attempts.

Employees at the workplace should make sure to follow all procedures for logging out, not having passwords visible, changing passwords routinely, and using secure ways to access PHI.

We help our clients determine their areas of vulnerability and train their staff to avoid potential breaches. We also ask that all members of the staff act as the HIPAA police to help look for areas of concern and speak up about potential vulnerabilities.

In our next blog post, we will keep you informed of related issues.  To get this important information delivered directly to your mail box, click here to Subscribe.

Do you need help staying current and compliant with the latest laws, rules and regulations?  We can help. To contact us about your new government rules and regulations, your practice’s risk assessment, or about your other legal needs:  CLICK HERE.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.