Dive Brief:
- Kaiser Permanente has experienced its second data breach this fall, in which a USB flash drive holding patient data went missing.
- The loss of the USB drive, which was discovered to be missing Sep. 25, included patient names, dates of birth and medical record numbers.
- This follows on another September breach in which 670 patients' PHI was exposed, when an e-mail attachment containing patient names, medical record numbers e-mail addresses, employers, phone numbers, department names and appointment dates for health screening went to a recipient ouside the Kaiser network.
Dive Insight:
Unfortunately, data breaches of this kind are common, so Kaiser's having two incidents in one month isn't an indication that it's below industry average in its safety precautions. Still, it'd be nice if it wasn't so easy to lose track of unencrypted data within any healthcare organization. Clearly, more work needs to be done to prevent such breaches, which could conceivably cost up to $1.5 million in HIPAA fines.