
Practice’s unencrypted computer causes a data breach

Hospitals may want to consider disaster recovery efforts to mitigate backlash after a data breach occurs.

It is clear that new technologies like electronic document management programs can improve efficiency and reduce overall costs, but as with any system, security measures must be taken. Computers, for example, allow anyone to do their taxes, create contracts and surf the web. However, computers without effective anti-virus and malware protection leave room for a variety of dangers.

In the health care industry, a majority of practices are in the midst of transitioning from paper records to electronic ones. This shift was driven by the Health Information Technology for Economic and Clinical Health Act in 2009. Hospitals and doctors' offices that made the change would be eligible to receive financial incentives if they met the requirements the government has laid out for these programs. Since the mandate, many practices across the United States have experienced a data breach.

Though these breaches could be prevented through computer encryption or by storing data in a secure cloud, time and again the Department of Health and Human Services has received notices of data breaches that involve 500 or more patients, Healthcare IT News reported. Since 2009, information from more than 27 million patients has been compromised.

At DeVita HealthCare Partners, an employee's laptop was stolen out of the employee's car. Though the practice has a "business-wide encryption policy," the organization's press release said that the laptop's security measures were "unintentionally deactivated."

About 11,500 patient records were on the laptop, containing insurance data, diagnoses and names, as well as Social Security numbers for 375 individuals. In response to the attacks, DeVita spokesman Skip Thurman said the organization "has reviewed its encryption practices and implemented additional safeguards to protect against any future instances of non-compliance with our encryption policies and procedures."

Because this continues to be an issue at many medical facilities, administrative staff members may want to consider reaching out to business continuity consultants who specialize in disaster recovery operations. This way, once a breach occurs, the staff is prepared to respond to patients and the media on the incident as soon as possible.