Bethesda Hospital Insider Healthcare Breaches
On December 1, 2020, Bethesda Hospital discovered that an employee impermissibly accessed and altered PHI. The altered data included home health orders that were used for patients receiving home care service from Bethesda. After an internal investigation, Bethesda fired the employee in question and notified law enforcement.
PHI potentially accessed by the former employee included patient names, dates of birth, Social Security numbers, addresses, insurance information, and clinical documentation. Patients treated between June 1, 2019 and December 2, 2020 may have been affected by the incident. Patients affected by the insider healthcare breach have been notified and will receive identity theft protection and one year of credit monitoring.
How to Prevent Insider Healthcare Breaches
Preventing insider healthcare breaches comes down to two things: your policies and procedures, and employee training.
Policies and procedures.
Your policies and procedures should dictate the proper uses and disclosures of PHI by your organization and employees. They also dictate who has access to what information and when. The HIPAA minimum necessary standard requires employees to only have access to the PHI that they need to perform their job functions. Additionally, it is important to have policies and procedures for how you track access to PHI. Tracking access to PHI enables quick detection of insider healthcare breaches, which in turn lets you mitigate damage. Lastly, you must have strict guidelines on when to terminate employee access to PHI, such as when an employee changes job roles or is terminated from employment.
To ensure that your employees adhere to your organization’s policies and procedures, and HIPAA standards, they must be trained