By using this site, you agree to the Privacy Policy and Terms of Use.
Accept
SmartData Collective
  • Analytics
    AnalyticsShow More
    data analytics in sports industry
    Here’s How Data Analytics In Sports Is Changing The Game
    6 Min Read
    data analytics on nursing career
    Advances in Data Analytics Are Rapidly Transforming Nursing
    8 Min Read
    data analytics reveals the benefits of MBA
    Data Analytics Technology Proves Benefits of an MBA
    9 Min Read
    data-driven image seo
    Data Analytics Helps Marketers Substantially Boost Image SEO
    8 Min Read
    construction analytics
    5 Benefits of Analytics to Manage Commercial Construction
    5 Min Read
  • Big Data
  • BI
  • Exclusive
  • IT
  • Marketing
  • Software
Search
© 2008-23 SmartData Collective. All Rights Reserved.
Reading: HIPAA Breach Lessons Learned
Share
Notification Show More
Latest News
big data mac performance
Data-Driven Tips to Optimize the Speed of Macs
News
3 Ways AI Has Helped Marketers and Creative Professionals Streamline Workflows
3 Ways AI Has Helped Marketers and Creative Professionals Streamline Workflows
Artificial Intelligence
data analytics in sports industry
Here’s How Data Analytics In Sports Is Changing The Game
Big Data
data analytics on nursing career
Advances in Data Analytics Are Rapidly Transforming Nursing
Analytics
data analytics reveals the benefits of MBA
Data Analytics Technology Proves Benefits of an MBA
Analytics
Aa
SmartData Collective
Aa
Search
  • About
  • Help
  • Privacy
Follow US
© 2008-23 SmartData Collective. All Rights Reserved.
SmartData Collective > Data Management > Best Practices > HIPAA Breach Lessons Learned
Best PracticesBig DataData ManagementInside CompaniesITLocationPolicy and GovernancePrivacySecurity

HIPAA Breach Lessons Learned

onlinetech
Last updated: 2020/01/16 at 3:21 PM
onlinetech
5 Min Read
HIPPA compliance
Shutterstock Licensed Photo
SHARE

While no records were broken when it comes to number of health records disclosed per data breach, the top HIPAA breaches of last year still come with some hard lessons learned about technical and physical security. Learn from their mistakes and protect your healthcare organization from suffering the same fate:

While no records were broken when it comes to number of health records disclosed per data breach, the top HIPAA breaches of last year still come with some hard lessons learned about technical and physical security. Learn from their mistakes and protect your healthcare organization from suffering the same fate:

Who: Crescent Healthcare, a Walgreens company that manages and delivers pharmacy and nursing solutions in alternate site settings.
What: Last December, someone broke into Crescent’s billing center and stole a desktop computer, according to HealthCareITNews.com and the HHS reported breaches data. The desktop computer may have contained names, addresses, phone numbers, Social Security numbers, health insurance data, birthdates and clinical diagnoses. Over 100,000 individuals were affected.
Remediation: The company is retaining employees and service providers on security, and enhancing security policies and procedures.
Lessons Learned: Don’t store ePHI (electronic protected health information) locally on devices. Storing health data in a secure, offsite HIPAA compliant data center with limited, protected access could have prevented this data breach. Check that your HIPAA hosting provider can supply a HIPAA report on compliance to ensure data is safe.

Two-Factor Authentication

More Read

anti-spoofing tips

Anti-Spoofing is Crucial for Data-Driven Businesses

How to Plan a Cybersecurity Strategy for Your Small Business
3 Ways AI Has Led to Horrifying Cybersecurity Threats
4 of the Biggest Data Breaches in Banking
ML is a Vital Defense Against Thwart Digital Attack Surfaces

Who: Howard University Hospital
What: In early 2012, a former contractor that downloaded patient data (in violation of hospital policy) onto their personal laptop reported the theft of the unencrypted device from their vehicle. Names, addresses, IDs, medical record numbers, birthdates, admission/discharge dates and diagnoses information for over 66,000 patients were all saved locally on the laptop.
Remediation: The hospital extended its policy of encrypting all laptops to include contractor data/laptops.
Lesson Learned: Employee data security policies should cover all employees that have access to ePHI, not just full-time staff. Encrypting data is key. And again, keeping sensitive data off of devices and using a security tool like two-factor authentication for VPN (Virtual Private Network) access cuts down on risk of unauthorized access.

Who: Apria Healthcare, Inc., provider of home medical equipment.
What: Last June, an Apria employee had their laptop stolen from their locked car – billing information for 65,700 patients was stored on the laptop’s hard drive.
Remediation: Apria is working on its internal patient privacy security program and encrypting company laptops.
Lesson Learned: Why do people leave laptops in their cars? Even if locked you’re running a big risk. Aside from that, employee security training may have raised awareness about the dangers of leaving electronics vulnerable, and again, keeping data off of portable devices.

Who: University of Miami Hospital
What: Two employees were accessing patient information from registration ‘face sheets’ and may have sold information to a third party. Face sheets contain name, address, birthdate, insurance policy numbers and the reason for the visit. According to HHS.gov, over 64,000 individuals were affected.
Remediation: The employees were identified and fired.
Lesson Learned: Background checks and employee HIPAA training may have prevented this incident, but often insider threats are the most difficult to detect. File integrity monitoring (FIM) is a service that can be configured and customized to monitor certain folders and files in order to protect ePHI from being altered or destroyed, and fulfills the HIPAA requirement to implement hardware or software to record and examine activity in systems that contain ePHI.

While using the technical services of a HIPAA hosting provider may have prevented or reduced the risk of a data breach in the above top HHS breach cases of 2012, as a covered entity, you need to ensure you can trust your business associates’ security practices. Read Five Questions to Ask Your HIPAA Hosting Provider for a checklist of questions and answers.

References:

Walgreens Company Announces Data Breach
Howard University Laptop Theft Affects 34,000+
Stolen Laptop at Apria Healthcare Exposes Patient Data
University of Miami Hospital Data Incident

TAGGED: cybersecurity, data breach, hipaa
onlinetech April 3, 2013
Share this Article
Facebook Twitter Pinterest LinkedIn
Share

Follow us on Facebook

Latest News

big data mac performance
Data-Driven Tips to Optimize the Speed of Macs
News
3 Ways AI Has Helped Marketers and Creative Professionals Streamline Workflows
3 Ways AI Has Helped Marketers and Creative Professionals Streamline Workflows
Artificial Intelligence
data analytics in sports industry
Here’s How Data Analytics In Sports Is Changing The Game
Big Data
data analytics on nursing career
Advances in Data Analytics Are Rapidly Transforming Nursing
Analytics

Stay Connected

1.2k Followers Like
33.7k Followers Follow
222 Followers Pin

You Might also Like

anti-spoofing tips
Security

Anti-Spoofing is Crucial for Data-Driven Businesses

6 Min Read
Cybersecurity Plan
Security

How to Plan a Cybersecurity Strategy for Your Small Business

8 Min Read
ai powered hackers are more deadly than ever
Artificial Intelligence

3 Ways AI Has Led to Horrifying Cybersecurity Threats

7 Min Read
data breaches are affecting more banks than ever
Security

4 of the Biggest Data Breaches in Banking

7 Min Read

SmartData Collective is one of the largest & trusted community covering technical content about Big Data, BI, Cloud, Analytics, Artificial Intelligence, IoT & more.

AI chatbots
AI Chatbots Can Help Retailers Convert Live Broadcast Viewers into Sales!
Chatbots
ai in ecommerce
Artificial Intelligence for eCommerce: A Closer Look
Artificial Intelligence

Quick Link

  • About
  • Contact
  • Privacy
Follow US

© 2008-23 SmartData Collective. All Rights Reserved.

Removed from reading list

Undo
Go to mobile version
Welcome Back!

Sign in to your account

Lost your password?