Insider Security Threat in Healthcare

Posted by: admin | June 5th, 2009

by Doug Pollack

Recent events have highlighted the issue of insider access to private information, and the security controls around it, within healthcare organizations. The access to Octomom’s health records by numerous hospital employees illustrates a serious and broad problem. It is also notable as the first case in which California has assessed penalties for such behavior.

Kirk Nahra, Partner with Wiley Rein, a leading law firm in the privacy arena, notes that:

“…the Bellflower Hospital in California was fined $250,000 after 23 employees of the hospital and affiliated companies accessed these medical records without authorization. The government finding in the case indicated that the breaches extended beyond the specific hospital in question, to other hospitals in the same corporate family, and continued even after initial reports to the state regulators about the breach. The state regulators also found that the security efforts to protect patient privacy were insufficient.”

With the passage of the HITECH Act, such situations are likely to become all the more visible, given the requirement to report any such data breach incidents to the US Department of Health and Human Services. Healthcare organizations must take a serious look at how, and to whom, they provide access to their patients' personal health information in order to avoid the penalties of up to $1.5MM that HITECH prescribes for such incidents.
