Physicians Ensnared in Data Breaches
Last month, the names of "private practices" reporting breaches of unsecured protected health information affecting more than 500 people were revealed when the Office for Civil Rights, (OCR) the enforcer of the HIPAA privacy and security rules, lifted the veil of anonymity on the entities.
Judging from my calls to some of these physician offices who reported breaches—and their failure to return my calls, or simply responding with terse "no comment"—many would rather remain anonymous.
But for physicians who were involved in breaches, there are lessons learned, especially for small practices. Sometimes we just assume in this highly connected digital world, that every physician has ramped up to protect his practice against illegal data theft. That's definitely not the case.
One small practice, Daniel J. Sigman, MD, PC, based in Stoughton, Mass, was hit with a breach on Dec 1, 2009, affecting 2,860 patients, according to the OCR. The OCR tally noted: theft, portable devices, and medical records.
A key problem was the manner in which the data was kept in the plastic surgeon's office. Without giving me too many specifics, Kathleen Minnock, office manager, says the data was kept in a bag —similar to a purse —and taken offsite every night.
"We have a small server like many small doctor's offices," said Minnock, office manager, noting that the way the office handled the data seemed inexpensive and convenient.
After the practice learned the data was missing, the nightmare began, she says. The first worry was whether patient data was stolen, or compromised any other way. Thankfully, that didn't occur, Minnock says, without providing details. She says patient data doesn't appear to be compromised. Federal officials, however, demanded that each patient be notified and alerted to what had happened, all 2,860 of them. And over time, Minnock says, the practice has learned the lesson of keeping good records.
OCR reports that at least 11 "private practices" reported breaches of 500 or more over the past year, involving potentially thousands of patients and files.
- Medical Errors Third Leading Cause of Death, Senators Told
- 4 Tectonic Shifts Shaking Up Healthcare
- As States Regulate Provider Competition, Common Threads Emerge
- CVS Ramps Up Retail Clinics with Provider Affiliations
- Chronic Disease Care Costs Get Bipartisan Attention
- CareFirst Announces PCMH Program Results
- Mayo Tops U.S. News Best Hospitals Rankings
- Hospitals Seeking to Understand PPACA Impact Turn to Data
- Telemedicine Providers Welcome AMA Guidelines
- The case for concierge medicine