Dive Brief:
- An employee at University Hospitals in Cleveland has breached the data of 692 patients by inappropriately accessing their medical records in the hospital system's EHR platform.
- The employee—who was recently dismissed from the hospital—allegedly accessed the patient information over a three-year period. The information included patient names, home addresses, phone numbers, e-mail addresses, medical and health insurance account numbers and some Social Security numbers and financial account information, according to the report.
- The hospital has notified all 692 affected patients. A spokesperson for University Hospitals said it appears the employee was "snooping," and the hospital is not aware of any incidents of fraud or identity theft.
Dive Insight:
No matter what you do to shield patient information from outside forces, as this incident shows, a data breach is sometimes an inside job. Either way, the price tag of being found in violation of HIPAA security rules can be stiff. As recently as May, one healthcare organization paid a settlement of nearly $4.8 million for a data breach.
While healthcare organizations can't always prevent protected health information from leaking out, following industry best practices—like encrypting data and setting clear policies about who can view EHR data—will greatly diminish a medical group's chances of experiencing a breach.