A Rogue Employee
Hospital officials discovered the breach after they were notified of criminal activity committed by an employee working in the laboratory shipping section. The employee's actions had gone largely undetected until law enforcement notified the hospital of the incident in January 2014.
The hospital took action to remove the employee from work soon after being notified in January 2014, and began an extensive investigation into the breach.
The employee has since gone to trial and is serving time for their actions. Reports reveal that the employee was involved in a tax fraud ring in which fraudulent tax returns were filed with the IRS using information found on old lab specimen labels. The employee harvested protected health information (PHI) and personally identifiable information from these labels, including names, dates of birth, and Social Security numbers.
Once the hospital notified the Criminal Investigation Division of the Army, investigators examined computers and computer systems. The investigation could not determine how many labels were taken, nor how much of the information was actually used, but found that no PHI was directly taken from the hospital's electronic health records (EHR) system.
Protecting Against Breaches
Medical records have become more valuable than any other kind of information available to fraudsters and criminals, and as such, the threat to PHI is more significant now than ever before.
Hospitals and healthcare organizations across the country need to ensure that they're taking all appropriate measures to safeguard PHI. With proper employee training and attestation, healthcare professionals can protect their business from liability in the event of a breach. Policies and procedures that limit access to PHI and set standards for how PHI can be accessed are absolutely essential for organizations of any size, so that incidents such as this one are recognized immediately rather than going undetected.
Protecting patients’ sensitive health data has become more important now than ever before. Implementing an effective HIPAA compliance solution is one of the best ways to mitigate this growing risk and defend your patients’ privacy.