Physicians Ensnared in Data Breaches
Last month, the names of "private practices" reporting breaches of unsecured protected health information affecting more than 500 people were revealed when the Office for Civil Rights, (OCR) the enforcer of the HIPAA privacy and security rules, lifted the veil of anonymity on the entities.
Judging from my calls to some of these physician offices who reported breaches—and their failure to return my calls, or simply responding with terse "no comment"—many would rather remain anonymous.
But for physicians who were involved in breaches, there are lessons learned, especially for small practices. Sometimes we just assume in this highly connected digital world, that every physician has ramped up to protect his practice against illegal data theft. That's definitely not the case.
One small practice, Daniel J. Sigman, MD, PC, based in Stoughton, Mass, was hit with a breach on Dec 1, 2009, affecting 2,860 patients, according to the OCR. The OCR tally noted: theft, portable devices, and medical records.
A key problem was the manner in which the data was kept in the plastic surgeon's office. Without giving me too many specifics, Kathleen Minnock, office manager, says the data was kept in a bag —similar to a purse —and taken offsite every night.
"We have a small server like many small doctor's offices," said Minnock, office manager, noting that the way the office handled the data seemed inexpensive and convenient.
After the practice learned the data was missing, the nightmare began, she says. The first worry was whether patient data was stolen, or compromised any other way. Thankfully, that didn't occur, Minnock says, without providing details. She says patient data doesn't appear to be compromised. Federal officials, however, demanded that each patient be notified and alerted to what had happened, all 2,860 of them. And over time, Minnock says, the practice has learned the lesson of keeping good records.
OCR reports that at least 11 "private practices" reported breaches of 500 or more over the past year, involving potentially thousands of patients and files.
- Hospital Groups Strike Back at Hospital Rating Systems
- The Secret to Physician Engagement? It's Not Better Pay
- AHIP: Enormity of HIX Challenges Sinks In
- Two-Midnight Rule Must be Fixed or Replaced, Say Providers
- 4 Reasons PCMH Principles Aren't Going Away
- Don't Underestimate Emotional Intelligence
- How Succession Planning Boosts Employee Retention Rates
- Evidence-Based Practice and Nursing Research: Avoiding Confusion
- Yale New Haven Health Partners with Tenet Healthcare in CT
- Cheaper surgery sends Lowe's flying to Cleveland Clinic