University Hospitals Geauga Medical Center suffered data breach when a former employee improperly accessed health data.The employee has since been terminated.Affected information
included patient names, dates of birth, medical record numbers, and health information related to medications. UH stated that there is no reason to believe this incident will lead to identity theft.
UH mentioned that 677 potentially individuals were potentially affected. It will be reeducating staff on HIPAA regulations. According to the statement, UH is unaware of any identity theft or harm to patients caused by the access of information. The concerned individuals are being notified of the incident. Also, law enforcement were notified about the incident.
Data Breach Incident
UH have taken steps to correct the situation and prevent similar occurrences in the future.
HIPAA administrative safeguards consists of following main aspects –
- Security management process
- Assigned security responsibility
- Workforce security
- Information access management
- Security awareness and training
- Security incident procedures
- Contingency plan
- Evaluation
Business associate contracts and other arrangements
“Even in our increasingly electronic world, it is critical that policies and procedures be in place for secure disposal of patient information, whether that information is in electronic form or on paper,”
explained OCR Director Jocelyn Samuels, adding that PHI security is essential for entities of all sizes.
“All too often we see covered entities with a limited risk analysis that focuses on a specific system
such as the electronic medical record or that fails to provide appropriate oversight and
accountability for all parts of the enterprise,”Samuels said in a statement.
Alertsec has created a web based encryption service that radically simplifies deployment and
management of PC encryption by using industry leading Check Point Full Disk Encryption (former
Pointsec) software.