Cookies help us display personalized product recommendations and ensure you have great shopping experience.

By using this site, you agree to the Privacy Policy and Terms of Use.
Accept
SmartData CollectiveSmartData Collective
  • Analytics
    AnalyticsShow More
    image fx (67)
    Improving LinkedIn Ad Strategies with Data Analytics
    9 Min Read
    big data and remote work
    Data Helps Speech-Language Pathologists Deliver Better Results
    6 Min Read
    data driven insights
    How Data-Driven Insights Are Addressing Gaps in Patient Communication and Equity
    8 Min Read
    pexels pavel danilyuk 8112119
    Data Analytics Is Revolutionizing Medical Credentialing
    8 Min Read
    data and seo
    Maximize SEO Success with Powerful Data Analytics Insights
    8 Min Read
  • Big Data
  • BI
  • Exclusive
  • IT
  • Marketing
  • Software
Search
© 2008-25 SmartData Collective. All Rights Reserved.
Reading: HIPAA Breach Lessons Learned
Share
Notification
Font ResizerAa
SmartData CollectiveSmartData Collective
Font ResizerAa
Search
  • About
  • Help
  • Privacy
Follow US
© 2008-23 SmartData Collective. All Rights Reserved.
SmartData Collective > Data Management > Best Practices > HIPAA Breach Lessons Learned
Best PracticesBig DataData ManagementInside CompaniesITLocationPolicy and GovernancePrivacySecurity

HIPAA Breach Lessons Learned

onlinetech
onlinetech
5 Min Read
HIPPA compliance
Shutterstock Licensed Photo
SHARE

While no records were broken when it comes to number of health records disclosed per data breach, the top HIPAA breaches of last year still come with some hard lessons learned about technical and physical security. Learn from their mistakes and protect your healthcare organization from suffering the same fate:

While no records were broken when it comes to number of health records disclosed per data breach, the top HIPAA breaches of last year still come with some hard lessons learned about technical and physical security. Learn from their mistakes and protect your healthcare organization from suffering the same fate:

Who: Crescent Healthcare, a Walgreens company that manages and delivers pharmacy and nursing solutions in alternate site settings.
What: Last December, someone broke into Crescent’s billing center and stole a desktop computer, according to HealthCareITNews.com and the HHS reported breaches data. The desktop computer may have contained names, addresses, phone numbers, Social Security numbers, health insurance data, birthdates and clinical diagnoses. Over 100,000 individuals were affected.
Remediation: The company is retaining employees and service providers on security, and enhancing security policies and procedures.
Lessons Learned: Don’t store ePHI (electronic protected health information) locally on devices. Storing health data in a secure, offsite HIPAA compliant data center with limited, protected access could have prevented this data breach. Check that your HIPAA hosting provider can supply a HIPAA report on compliance to ensure data is safe.

Two-Factor Authentication

More Read

“The Open Cloud Consortium (OCC): supports the development of standards for cloud computing and…”
Nice article on EDM
Indeed, issues about water scarcity, pollution, and dangerous…
Facing Environmental Crisis, Data Is Reshaping Waste Management
5 Industries That Are Being Revolutionized By Big Data

Who: Howard University Hospital
What: In early 2012, a former contractor that downloaded patient data (in violation of hospital policy) onto their personal laptop reported the theft of the unencrypted device from their vehicle. Names, addresses, IDs, medical record numbers, birthdates, admission/discharge dates and diagnoses information for over 66,000 patients were all saved locally on the laptop.
Remediation: The hospital extended its policy of encrypting all laptops to include contractor data/laptops.
Lesson Learned: Employee data security policies should cover all employees that have access to ePHI, not just full-time staff. Encrypting data is key. And again, keeping sensitive data off of devices and using a security tool like two-factor authentication for VPN (Virtual Private Network) access cuts down on risk of unauthorized access.

Who: Apria Healthcare, Inc., provider of home medical equipment.
What: Last June, an Apria employee had their laptop stolen from their locked car – billing information for 65,700 patients was stored on the laptop’s hard drive.
Remediation: Apria is working on its internal patient privacy security program and encrypting company laptops.
Lesson Learned: Why do people leave laptops in their cars? Even if locked you’re running a big risk. Aside from that, employee security training may have raised awareness about the dangers of leaving electronics vulnerable, and again, keeping data off of portable devices.

Who: University of Miami Hospital
What: Two employees were accessing patient information from registration ‘face sheets’ and may have sold information to a third party. Face sheets contain name, address, birthdate, insurance policy numbers and the reason for the visit. According to HHS.gov, over 64,000 individuals were affected.
Remediation: The employees were identified and fired.
Lesson Learned: Background checks and employee HIPAA training may have prevented this incident, but often insider threats are the most difficult to detect. File integrity monitoring (FIM) is a service that can be configured and customized to monitor certain folders and files in order to protect ePHI from being altered or destroyed, and fulfills the HIPAA requirement to implement hardware or software to record and examine activity in systems that contain ePHI.

While using the technical services of a HIPAA hosting provider may have prevented or reduced the risk of a data breach in the above top HHS breach cases of 2012, as a covered entity, you need to ensure you can trust your business associates’ security practices. Read Five Questions to Ask Your HIPAA Hosting Provider for a checklist of questions and answers.

References:

Walgreens Company Announces Data Breach
Howard University Laptop Theft Affects 34,000+
Stolen Laptop at Apria Healthcare Exposes Patient Data
University of Miami Hospital Data Incident

TAGGED:cybersecuritydata breachhipaa
Share This Article
Facebook Pinterest LinkedIn
Share

Follow us on Facebook

Latest News

image fx (2)
Monitoring Data Without Turning into Big Brother
Big Data Exclusive
image fx (71)
The Power of AI for Personalization in Email
Artificial Intelligence Exclusive Marketing
image fx (67)
Improving LinkedIn Ad Strategies with Data Analytics
Analytics Big Data Exclusive Software
big data and remote work
Data Helps Speech-Language Pathologists Deliver Better Results
Analytics Big Data Exclusive

Stay Connected

1.2kFollowersLike
33.7kFollowersFollow
222FollowersPin

You Might also Like

big data security
AnalyticsBest PracticesBig DataData ManagementData MiningData VisualizationExclusivePredictive AnalyticsPrivacyRisk ManagementSecurityWorkforce Data

The Big Data Security Transformation

6 Min Read
cybersecurity
Data ManagementITPolicy and GovernancePrivacySecurity

Seek and Destroy: U.S. Energy Firms Warned of Recent IT Threats

5 Min Read

Dynamic Cybersecurity Needs: Reassessing Security

4 Min Read
VPN data security
Data ManagementExclusivePrivacySecurity

How Big Data Provides A Pivotal Foundation For VPN Data Security

6 Min Read

SmartData Collective is one of the largest & trusted community covering technical content about Big Data, BI, Cloud, Analytics, Artificial Intelligence, IoT & more.

ai is improving the safety of cars
From Bolts to Bots: How AI Is Fortifying the Automotive Industry
Artificial Intelligence
giveaway chatbots
How To Get An Award Winning Giveaway Bot
Big Data Chatbots Exclusive

Quick Link

  • About
  • Contact
  • Privacy
Follow US
© 2008-25 SmartData Collective. All Rights Reserved.
Go to mobile version
Welcome Back!

Sign in to your account

Username or Email Address
Password

Lost your password?