We don’t have any hard numbers, but the feeling amongst our analysts is that accidental breach of PHI is likely by far the most common type. Accidental breach, you say? Just what is that?
An accidental breach should not be confused with a negligent breach, although the lines do blur. For instance, throwing a printout of a patient’s lab order in the trash instead of shredding it would be a negligent breach, even though the person who did so might say, “It was an accident!”
I was recently a speaker for a dental study club. The topic of my talk was “How they Hack”, where we followed the path often used by hackers and criminals that results in a breach. After my time was done, the next portion of the study club was an overview of a case that several of the attending dentists and orthodontists had worked on together.
A PowerPoint presentation ensued, and many of the slides contained PHI! Had the study club been a completely closed session with only dental professionals, this would not have been an issue at all; however, there were both vendors and food service staff present in the room! This was technically an accidental breach.
Things like this will happen, and no regulation, policy, or procedure will stop them 100%. So what can we do as both healthcare and technology specialists? Learn from our mistakes and ask questions. In particular, if there is any doubt, get a second opinion and a second set of eyes on any situation that involves, or has the potential to involve, patient data. Also, don’t sweat the “Little Stuff”; technology and security changes in the coming year will give us all plenty of “Big Stuff” to worry about.
In an ever-changing threat environment how can we protect both PHI and other sensitive information? One method that is rarely used outside of large corporations is the art of deception. Utilizing deception as a tool for defense in the practice is easily done and costs little. One of the most commonly probed areas of your […]
For those that have been through our training or heard me speak to one of their organizations, you know I touch on the subject of Network Connected Devices. These devices are already in many practices and have been for some time. If you remember a few years ago Vice President Dick Cheney had minor surgery […]
What is the risk with moving to the cloud? We work with several practices that have moved to the cloud in recent years, and nearly every week another manager or physician asks if they should as well. When we are asked this question our usual answer is “it does not matter to us, but there […]
Security Awareness Training can decrease the risk of data loss. It is impossible to be 100% secure. However, it is possible to minimize that risk. If you do not provide your employees with security awareness training, it really does not matter how secure you think your network and digital equipment are. The chances of you […]
Minimize risk of a data breach. Here are our Security Top 4 action items that can help you minimize the risk of losing data. Here are our picks for the top four action items your practice can take to prevent a breach. Periodic Security Awareness Training: This can be an instructor-led program or […]
Data Security is a huge problem. You want to increase the security of your network and the data that you use as much as you can. One of the things that people forget about is the people using the technology and how they relate to data security. You can have all the security measures […]
Social Media Security, or the lack of it, can be a major resource for hackers. Criminals that want your data (and money) are like water. When in motion they will take the path of least resistance. That is not to say hackers are lazy, but more to the point is that hackers and other information criminals […]
The Columbus Dispatch and other news outlets are reporting that a Central Ohio Practice has suffered a major data breach. It appears the hacker team originated in the Ukraine, and not only absconded with the medical practice’s entire patient database, but also billing and other sensitive data. Medical Practices at risk The practice’s systems were […]
There is an important term that every practice should be familiar with, especially those who either don’t have to meet Meaningful Use or have chosen not to. That term is Due Diligence. Due Diligence is an important part of following the HIPAA guidelines.