[ISN] High-Profile Patients Prompt Internal Health Data Breaches

http://healthitsecurity.com/news/high-profile-patients-prompt-internal-health-data-breaches By Sara Heath HealthITSecurity.com August 21, 2015 No matter the many safeguards against hacking and cyberattacks are put into place in hospital records, sometimes hospitals need to protect against their own employees’ nosiness as well. Such was the case for the Carilion Clinic, a not-for-profit clinic located in Roanoke, VA. According to a Roanoke Times report, Carilion has disciplined or fired 14 employees for looking at a high-profile patient file that they had not been given access to. Although Chris Turnbull, a clinic spokesperson, did not identify the employees or the patient whose information was breached, he did explain that patient files tend to be handled by many people in the clinic and that the clinic has compliance officers who monitor the file activity. Whenever an employee accesses the file, the filing system documents the activity and tracks whether the employee had viable cause to access the file. Compliance officers are in charge of tracking privacy concerns by accepting complaints or monitoring high-profile patients. Carilion Clinic is a HIPAA-covered entity and adhered to appropriate disciplinary standards in properly punishing employees or terminating their employment. The Roanoke Times report did not disclose which, or how many, employees were fired. Under HIPAA, these employees may also face criminal prosecution, a $50,000 fine, or a one-year prison sentence. […]