Using a personal unsecured email or USB for health information can cause a data breach.
Penn State Hershey hospital found this out the hard way.
Hershey hospital is notifying roughly 1,801 patients of a HIPAA breach after an employee accessed and transmitted patients’ protected health data outside of the hospital’s secure information network. Names, medical record numbers, medical lab tests and results, and visit dates could have been accessed by an unauthorized person or entity due to the employee’s mistake.
Although the individual was authorized to work with protected health information, he accessed patient data via an unsecured USB device through his home network rather than the hospital network. He also transmitted patient data via his personal email to two Penn State physicians. Hershey Hospital was very proactive and transparent regarding this potential breach.
Hershey’s public notice states:
“Penn State Hershey considers patient privacy and confidentiality to be of the utmost importance and chose to notify patients of this incident out of an abundance of caution.” “To decrease the likelihood of similar circumstances occurring in the future, Penn State Hershey is increasing education efforts with employees, focusing on the essential responsibility of all staff to safeguard patient health information at all times and follow proper practices for doing so.”
We cannot stress the education factor enough:
- Be proactive;
- Allow employees to learn prior to an incident, rather than after a breach; and
- Provide a regular forum for staff to ask questions.
Despite medical practices’ and hospitals’ best efforts, data breaches are still a reality. Take action!
Tell us how your organization protects its information and educates its staff.