Are Your Business Associates Accountable for HIPAA Compliance?
HHC said the breach involves a reported theft of electronic record files that contained PHI, personal information, and personally identifiable employee medical information (PIEMI).
The loss of this data, HHC said, occurred through the negligence of a "contracted firm that specializes in the secure transport and storage of sensitive data." In other words, the breach is attributed to a BA of HHC.
An HHC spokesman said in an e-mail to HealthLeaders Media that the van is owned by an information-management company the corporation hired to handle patient records -- GRM Information Management Services, a contracted firm that specializes in the secure transport and storage of sensitive data.
As a result of this theft, HHC said it took additional actions to further secure the transport of backup data off-site, including:
- Suspending the transport of unencrypted backup files from any HHC facility to off-site storage locations
- Expediting its plan to upgrade critical data to the 256-bit Advanced Encryption Standard , considered by the federal government as the highest level of protection against tampering. At the time of the theft, HHC had already upgraded and encrypted nearly 80 percent of the 1,568 systems applications used throughout the corporation. The upgrade is expected to be completed by the fall of 2011. Replacing GRM with a new vendor to handle offsite backup data that will be stored in highly protected facilities that have climate-controlled dedicated tape vaults, secured keycard access, video surveillance and trained personnel
- CFO Exchange: Smartphones Poised to Disrupt Healthcare, Says Topol
- Consumerism Drives Healthcare Branding, Rebranding Efforts
- PA Ranks See 'Phenomenal Growth,' Lack of Diversity
- 3 Traits Personality Assessments Can't Reveal
- CNO on Hospital Redesign: 'You Can't Over-Communicate'
- How Digital Strategy Shapes Patient Engagement at Boston Children's Hospital
- Antibiotic Overuse a 'Huge Threat' to Patient Safety, Says CDC
- Carondelet to Pay $35M to Settle Fraud Allegations
- Half of All Primary Care, Internal Medicine Jobs Unfilled in 2013
- CHS Hacked, 4.5M Patient Records Compromised