There are many things that you can do to protect patient information. You can put in place security policies and procedures, ensure that you do a thorough risk assessment, implement data encryption, educate your staff, etc. But sometimes nothing you can do can prevent a data breach from occurring.
As reported here, a laptop used by a hospice employee was stolen while in use at a patient's house. The laptop was encrypted, which normally would be a safe harbor and would exclude the need to notify patients of the data breach. In this case, the laptop was already turned on and in use, so the data encryption key/password had already been entered and the information on the laptop could be accessed. In other words, because the employee had logged in with the correct password, all the data on the laptop was readable in unencrypted form. As long as the laptop remained powered on and in use, the data could be accessed without the need for the encryption password. Once powered off, the laptop would again require the correct encryption password to access the information.
Rainbow Hospice and Palliative Care notified patients because the laptop contained patient names, addresses, social security numbers, insurance information, medications, treatments and diagnoses.
I would guess that Rainbow Hospice and Palliative Care had security policies and procedures in place. They had already gone through the effort of ensuring that the laptop was encrypted. They had to have trained the employee on how to access the encrypted information and probably went over best security practices to protect their patients' information. With all these efforts, they still face a data breach.
In no way should anyone read this and think that implementing security is a waste of time and effort. Taking the steps to protect patient information is the right thing to do, and it will go a long way toward protecting you from a data breach. But sometimes, no matter what you do, you could still face the negative consequences of a data breach.