News Lessons from PHI Breach at Rady Children’s Hospital

Lessons from PHI Breach at Rady Children’s Hospital

-

The protected health information (PHI) of around 14,121 patients at Rady Children’s Hospital has been compromised because of human error.

An employee inadvertently emailed a spreadsheet with the health information of the children to a few job applicants who had applied for data management jobs, and they in turn, forwarded the information to two other persons. The actual intention had been to send approved information to the applicants for an internal evaluation, but the employee accidentally attached the spreadsheet with real patient details.

According to a news report, the spreadsheet contained information such as dates of birth, primary diagnoses, admittance and discharge dates, medical record numbers, and insurance claim information, but their Social Security, insurance or credit card numbers, street addresses, or information of the children’s parents or guardians.

Corrective Action

The hospital apologized to the affected families and has taken corrective measures. Rady officials contacted all the six recipients and with the help of an independent information technology security firm, confirmed that the errant spreadsheet was deleted. The hospital has confirmed each recipient has given a written statement that they have deleted the email and the attachment from their computer and other external devices like an iPad or mobile phone. Rady Children’s Hospital also set up a phone bank staffed by more than 150 employees to contact families affected by the breach and mailed notices to each of them.

Rady Children’s states that it has taken the following measures to prevent such incidents from happening again:

– Use only commercially available and validated testing programs to evaluate job applicants and only test candidates onsite

– Work to improve information security and automated screening to flag emails that may contain potential protected health or other sensitive information. Every email will need additional approval before it can be sent

– Work with their email encryption provider to further strengthen security of sensitive data

– Continue to educate employees on HIPAA compliance

In its Notice and Information Regarding Disclosure of Patient Information, the hospital says, “We are using these incidents as examples to better inform our leadership team and employees about the need to protect patient information and the importance of the policies we have in place and train them in these new measures we are taking”.

Rady Children’s PHI Breach – Lessons to Learn

There are many lessons to be learned from this PHI data breach. Healthcare providers need to strictly implement proper administrative, technical and physical safeguards to ensure HIPAA compliance. If they outsource medical transcription, data entry or document conversion, they need to ensure secure modes for the transmission of PHI.

According to the Identity Theft Resource Center, there were a total of 4,579 recorded breaches and a total of 630,870,450 exposed records during the period from 2005 to June 5, 2014. Governmental organizations, healthcare facilities, banks, private companies, educational institutions and more are constantly exposed to data security threats. In addition to employee error/negligence, other reasons for breaches include

* Insider Theft
* Hacking
* Subcontractor/third party
* Accidental Internet exposure
* Physical Theft

When a data breach has occurred, measures should be immediately implemented to restore security and to protect the goodwill of the organization. All the details of the incident should be documented, including the response efforts and conversations with law enforcement and legal counsel. Other important actions to perform are:

* Record the exact date and time at which the breach was discovered and when response efforts begin

* Alert and activate the response team to execute the scheduled plan

* Preserve evidence by securely protecting the premises where the breach occurred to prevent further stop loss of information

* Document everything related to the incident

  • Who reported it?
  • Who discovered it?
  • How was the information stolen?
  • To whom was it reported?
  • What devices are missing?
  • What systems are affected?
  • What is the type of breach that has occurred?
  • What was stolen?
  • Who else knows about it?

If necessary a forensics firm should be brought in and law enforcement notified for further investigation.

Large organizations should anticipate that that human error can put secure information at risk. Recognizing this reality and taking appropriate measures to minimize such risks is crucial for consumers as well as the health of the organization.

Lessons from PHI Breach at Rady Children’s Hospital
General Contributor
Janice is a writer from Chicago, IL. She created the "simple living as told by me" newsletter with more than 12,000 subscribers about Living Better and is a founder of Seekyt.

Latest news

Japanese Owl Meaning and Symbolism

If you're wondering about the Japanese owl meaning and symbolism in Asian cultures, the Owl, along with Maneki Neko...

What Are the Signs of Depression in Women

Gender and depression have long been the scope of research in the field of emotional disorders; most authors believe...

Top 7 Superfoods for Men to Stay Young

Superfoods are generally regarded as targeted foods that provide the maximum nutritional benefit - thus these foods are nutritionally-dense...

Best Brain foods for Kids – Boost Brain Power and Keep Sharp

A child's brain is developing rapidly and if you want them to improve their performance in school and their...

7 of the Best Brain Foods for Studying

The foods that you eat can improve the functioning of your brain. Just like drugs, foods have amino acids,...

B12 Shots for Dogs – 10 Key Benefits

The end of 2010, my little dog -- a 7-pound Papillon -- became very stressed after a flood in...

Must read

Napa Valley Vineyards and Wine Guide

I'm going to present to you a Napa Valley...
- Advertisement -

You might also likeRELATED
Recommended to you