I thought I would share this post from Anne Zieger, Editor at EHRoutlook.com

By: Anne Zieger
09.22.2011
Yesterday, I shared some statistics suggesting that not only are patients afraid that their electronic health data will be stolen, they're likely to drop your practice and even tell others not to visit you if they experience a security breach. Today, I bring you a real-life reminder that medical practices do indeed get targeted for such attacks, even though they might have much less information to be stolen than, say, a medium-sized hospital.

A few months ago, a Birmingham, AL orthodontics practice reported that someone broke into its office and stole a bunch of equipment, including a server stocked with information on patients going back 30 years. The information included some dangerous stuff, including names and addresses of patients, Social Security numbers and at least some credit card numbers. The break-in affected 20,744 individuals, according to Rape & Brooks Orthodontics, which reported the incident to the HHS Office for Civil Rights.

What makes the theft particularly nasty is that the data was "unencrypted," rather than scrambled by software for security reasons. In essence, that means the thieves could conceivably take out the server computer's hard drive, attach it to another computer, and simply read the information. And the thieves have reason to do so; data like Social Security numbers and birth dates can be used together to commit many forms of credit card fraud.

While this incident didn't involve clinical data drawn from an EHR, it's only a matter of time before practices lose electronic patient record data in this manner. If nothing else, a practice whose computer equipment is stolen could lose clinical data, at least if the data wasn't backed up properly. Not only that, thieves are beginning to use patient data to commit medical identity fraud, in which they use a patient's information to fraudulently obtain medical care and bill it to that patient. And of course, the HIPAA implications of stolen patient data are rather ugly.

Bottom line, if you're not confident that you understand at least the basics of security, you'd better learn fast -- the stakes are high and getting higher. Tomorrow, I'll supply a sample of Web resources that can help you get up to speed.
