We don’t have any hard numbers, but the feeling amongst our analysts is that accidental breach of PHI is likely by far the most common type. Accidental breach, you say? Just what is that?
An accidental breach should not be confused with a negligent breach, although the lines do blur. For instance, throwing a printout of a patient’s lab order in the trash instead of shredding it would be a negligent breach, even though the person who did so might say “It was an accident!”.
I was recently a speaker for a dental study club. The topic of my talk was “How they Hack”, where we followed the path often used by hackers and criminals that results in a breach. After my time was done, the next portion of the study club was an overview of a case that several of the attending Dentists and Orthodontists had worked on together.
A PowerPoint ensued and many of the slides contained PHI! Had the study club been a completely closed session with only Dental Professionals, this would not have been an issue at all; however, there were both vendors and food service staff present in the room! This was technically an accidental breach.
Things like this will happen, and no regulation, policy, or procedure will stop them 100%. So what can we do as both healthcare and technology specialists? Learn from our mistakes and ask questions. In particular, if there is any doubt, get a second opinion and a second set of eyes on any situation that involves or has the potential to involve patient data. Also, don’t sweat the “Little Stuff”; technology and security changes in the coming year will give us all plenty of “Big Stuff” to worry about.
I plan to make this a yearly post. I’d like to look at the trends and technology that our company feels will impact dentistry in the next 2-, 5-, and 10-year periods. Dentistry in Two Years: In the next two years, you will begin to see a slow move to more IoT devices. The Internet […] Continue reading →
HIPAA is going to require you to keep email records. If your practice routinely sends or receives email containing Protected Healthcare Information (PHI) and you don’t have an email retention plan or policy, you have a problem! While there is no hard standard within the HIPAA framework pertaining to email retention. However not doing so […] Continue reading →
For those that have been through our training or heard me speak to one of their organizations, you know I touch on the subject of Network Connected Devices. These devices are already in many practices and have been for some time. If you remember a few years ago Vice President Dick Cheney had minor surgery […] Continue reading →
What is the risk with moving to the cloud? We work with several practices that have moved to the cloud in recent years, and nearly every week another manager or physician asks if they should as well. When we are asked this question our usual answer is “it does not matter to us, but there […] Continue reading →
Unless you have been living under a rock, or have gone Amish, Ransomware should not only be part of your vocabulary but should be part of your drea…er…nightmares. In fact, if you are a practice owner or manager, you should have Plutophobia. Continue reading →
Our team is watching the Twitter feeds on the WannaCry ransomware outbreak currently hitting Europe and completely crippling healthcare facilities in the U.K. This reminded me of something from my youth and how it should be applied to the practice in the security context. Continue reading →
I’ve been told that during presentations that I do for dental societies, study groups, and practices, the portions that stick with audience members the most are those where I delve into real world examples of Information Security failures. So in the spirit of good stories with a learning (what not to do) component. I […] Continue reading →
Reputational Damage is something that few people take into account. I hear a lot of other people in my field speaking and writing about data breach costs. Nearly every article, post, and presentation measures this in dollars. While dollar cost to the practice is certainly the primary concern of owners and managers. The total is […] Continue reading →
Data Security is a huge problem. You want to increase the security of your network and the data that you use as much as you can. One of the things that people forget about is the people using the technology and how they relate to data security. You can have all the security measures […] Continue reading →