Information Security News mailing list archives

High-Profile Patients Prompt Internal Health Data Breaches


From: InfoSec News <alerts () infosecnews org>
Date: Mon, 24 Aug 2015 10:02:46 +0000 (UTC)

http://healthitsecurity.com/news/high-profile-patients-prompt-internal-health-data-breaches

By Sara Heath
HealthITSecurity.com
August 21, 2015

No matter how many safeguards against hacking and cyberattacks are put into place for hospital records, sometimes hospitals need to protect against their own employees’ nosiness as well.

Such was the case for the Carilion Clinic, a not-for-profit clinic located in Roanoke, VA. According to a Roanoke Times report, Carilion has disciplined or fired 14 employees for looking at a high-profile patient file that they had not been given access to.

Although Chris Turnbull, a clinic spokesperson, did not identify the employees or the patient whose information was breached, he did explain that patient files tend to be handled by many people in the clinic and that the clinic has compliance officers who monitor the file activity. Whenever an employee accesses the file, the filing system documents the activity and tracks whether the employee had viable cause to access the file. Compliance officers are in charge of tracking privacy concerns by accepting complaints or monitoring high-profile patients.

Carilion Clinic is a HIPAA-covered entity and adhered to appropriate disciplinary standards in properly punishing employees or terminating their employment. The Roanoke Times report did not disclose which, or how many, employees were fired. Under HIPAA, these employees may also face criminal prosecution, a $50,000 fine, or a one-year prison sentence.

[...]
