Government and Regulations

How Safe Are Patients’ Electronic Records?

After a laptop bag with unencrypted information of over 50,000 patients was stolen, the HHS Office for Civil Rights is offering HIPAA risk analysis assistance.


 

The radiation oncology private practice Cancer Care Group (CCG), which has 13 radiation oncologists serving hospitals and clinics throughout Indiana, notified the HHS Office for Civil Rights (OCR) in 2012 about a security breach after an employee’s laptop bag was stolen. The bag contained unencrypted backup media, with the names, addresses, birth dates, Social Security numbers, insurance information, and clinical information of about 55,000 current and former CCG patients.

Related: A Medical Tower of Babel

An investigation revealed that CCG had been in “widespread noncompliance” with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security Rule. It had not conducted an enterprise-wide risk analysis when the breach occurred and did not have a written policy covering the removal of hardware and electronic media containing electronic protected health information from its facility.

Related: Getting Along With Electronic Technology—Safely

The OCR found that 2 issues in particular contributed to the breach: Risk analysis could have identified the removal of unencrypted backup material as a significant risk, and a comprehensive policy about device and media control could have clarified guidance for employees.

The case was recently settled. Cancer Care Group paid OCR $750,000 and will adopt a “robust corrective action plan” to remedy the deficiencies.

Related: The Use of Secure Messaging in Medical Specialty Care

To keep other health care practices from making similar mistakes, HHS offers help for conducting a HIPAA Risk Analysis at http://www.healthit.gov/providers-professionals/security-risk-assessment, with videos and a downloadable security risk assessment tool.

Recommended Reading

New AVAHO President Looks Ahead
Federal Practitioner
2015 AVAHO Meeting Highlights
Federal Practitioner
Medical Issues for Women Warriors on Deployment
Federal Practitioner
Women, Ships, Submarines, and the U.S. Navy
Federal Practitioner
Michael Missal Nominated to Fill VA Inspector General Vacancy
Federal Practitioner
Delirium in the Cardiac ICU
Federal Practitioner
Inappropriate Stress Ulcer Prophylaxis
Federal Practitioner
New Guideline on Dyslipidemia: Less Is More
Federal Practitioner
Research Regulations Get Updated
Federal Practitioner
Expanding Gender Equity in Health Care
Federal Practitioner

Related Articles