AHMC Healthcare Omnibus Law Breach Causes 729K HIPAA Violations

The HIPAA Omnibus Law was introduced to raise data security standards in the healthcare industry, and under the new Law, organizations are required to implement many additional processes to protect patients' health records.

While a number of organizations have updated policies and procedures to ensure compliance with the latest Law, AHMC Healthcare did not take action in time to avoid a security breach. Had it done so, the records of 729,000 patients would not have been exposed.

HIPAA rules require all covered entities to apply appropriate safeguards to ensure the Protected Health Information of patients is not placed in jeopardy. A risk analysis should be carried out and all possible security risks addressed and removed or reduced to a minimum level.

Laptops carry a very high risk of accidental data exposure: they can store a significant amount of data, they are portable, and they are used outside clinics and hospitals. Laptops are often stolen because they have a reasonably high financial value, although thieves are now targeting healthcare organizations and doctors for the data laptops hold, which is much more valuable to them than the computer hardware. Any theft of a laptop containing unencrypted PHI is considered a HIPAA breach and could lead to a substantial penalty, so it is vital that any PHI stored on the device is encrypted.

AHMC Healthcare manages 6 hospitals in Alhambra, California, and its facilities are gated and patrolled by security guards. Nevertheless, on 12th October this year, a transient walked into the complex, entered the offices, and walked off with two laptops. The offices were covered by CCTV cameras, yet the thief was able to leave the campus without being caught. The incident has been reported to the police, but so far the laptops have not been recovered.

The laptops held a substantial amount of information on patients who had visited AHMC Healthcare facilities, and the incident is among the largest HIPAA breaches reported to date. The 729,000 people affected by the breach have now been contacted to alert them to the laptop theft, and they have been instructed to take precautions to protect their identities and check their credit reports.

Patients were told that their names, insurance and payment information, diagnoses, and Medicare data were stored on the laptops, and they received an apology for any embarrassment caused. AHMC Healthcare will now apply stricter security controls to prevent further breaches, including bringing forward its policies to encrypt all data stored on portable devices. The incident has been reported to the OCR and an inquiry into the matter will be carried out.


Posted by

Mark Wilson

Mark Wilson is a news reporter specializing in information technology cyber security. Mark has contributed to leading publications and spoken at international forums with a focus on cybersecurity threats and the importance of data privacy. Mark is a computer science graduate.