- Part 1: The Basics
- Part 2: Privacy
- Part 3: Data security
- Accessing social media sites from company computers or personal computer devices connected to company networks that store sensitive company data, leading to potential malware, phishing, and social engineering attacks that result in security breaches and legal liability
- Spoofing and impersonation attacks on social networks that pose legal risks: i.e., fake fan pages or fraudulent social media personas that appear to be legitimately operated
- Information leaks resulting in an adverse business and legal impact when confidential information is compromised
A federal judge sentenced an Atlanta man to 13 months in prison January 10 for intentionally accessing a competing medical practice’s computer without authorization in order to send marketing materials to patients, according to a U.S. Attorney’s office release.
Eric McNeal, a 38-year-old IT specialist, accessed the computer owned by A.P.A, a perinatal medical practice in Atlanta and his old employer, according to United States Attorney for the Northern District of Georgia Sally Quillian Yates. After leaving A.P.A. in November 2009, McNeal joined a competing practice located in the same building.
McNeal downloaded the names, telephone numbers, and addresses of A.P.A.’s patients, and then deleted all the patient information from A.P.A.’s system in April 2010. McNeal then targeted those patients with a direct-mail marketing campaign for his new employer, according to federal officials.
An HHS task force recommends that if the government encourages and helps develop health text messaging and mobile health programs, it better look into privacy and security concerns.
The task force Jan. 26 recommends that HHS conduct “further research” into the privacy and security risks associated with text messaging of health information and establish guidelines for managing such privacy/security issues.
“The exchange of health information via text messages raises privacy and security issues specific to this medium,” the task force wrote in an HHS release. “Text messaging programs may be subject to numerous privacy and security laws, including [HIPAA's] privacy and security rules.”
HHS says in recent years, mobile health technologies have seen the expansion of:
- Health text messaging
- Mobile phone apps
- Remote monitoring
- Portable sensors
These “have changed the way healthcare is being delivered in the U.S. and globally,” according to the HHS release.
According to HHS, the task force was charged with helping identify ongoing initiatives and proposals for the delivery of health information via mobile phones.
Greg Freeman for HealthLeaders Media. This article appears in the January 2012 issue of HealthLeaders magazine.
You pick up the phone and someone tells you that a laptop containing thousands of patient files was left behind on the morning train. Or you learn that your own employees have been snooping into sensitive patient records for fun and profit. Or you discover that, for some odd reason, patient records have been posted on a completely unrelated public website for anyone to see, and they’ve been there for nearly a year.
Each of these scenarios has played out for some unfortunate healthcare executive, and they hold lessons in how to avoid such disasters, plus the best way to respond to such a crisis. Some of the most notorious HIPAA violations occurred within the UCLA Health System at the UCLA Medical Center, where singer Britney Spears was hospitalized in early 2008. After the Los Angeles Times reported that employees had been caught perusing Spears’ records with no legitimate reason, the hospital confirmed the HIPAA violations, fired 13 employees, and took disciplinary action against others. It also suspended six physicians.
David Feinberg, MD, MBA, who became CEO for UCLAHS in 2007, says that the experience was a wake-up call for the health system, and that conditions have changed dramatically since then.
“It definitely was a crisis that we turned into a great opportunity,” says Feinberg. “We had a very, very lax culture around privacy, and because we happened to treat an A-list of celebrities, it got national attention. But the reality was we were sloppy not only with celebrities, but also with a nurse looking at another nurse’s records to see if she was really sick yesterday. That was our culture.”
Read more on HealthLeaders Media.
I recently went into our SNF facility and found they have the medication carts parked directly behing the front desk with the names of the patients visible to anyone standing in front of the desk. They have moved the patient charts to a room off to the side, but do not feel their med carts are a problem??
Get blog updates in your e-mail
Subscribe to our e-zine
Click here to learn how!