
Healthcare organizations find themselves at risk of “low tech” privacy breaches

In an age of ever-increasing dependence on electronic records and cyber-security, it should come as little surprise that there is a steady diet of new examples of data breaches and the loss of private data. This is especially true in the case of healthcare institutions and providers.

A great deal of time and effort is being spent today in healthcare on the evaluation and discussion of data security. However, in spite of numerous examples of high-tech breaches and an entire industry developing around the protection of private patient data, just as many serious cases occur that are considered relatively “low tech”. One recent example is from San Bernardino County, CA, where a facility was fined in excess of $300,000 for two separate data breaches. In the first case, a radiology technician gained access to over 200 computerized patient medical records without a clinical need to do so. In the second case, a clerk simply let a friend into a restricted area where the friend overheard confidential patient information being given at admission. The facility reported these violations to the State and was fined in compliance with Section 1280.15 of the California Health and Safety Code.

Each of these “low tech” cases demonstrates the seriousness of the privacy issue and the extent to which this risk can affect a facility’s financial condition. Providers need to carefully examine their exposure from both a digital and a good old-fashioned protocol standpoint. The costs of preventing data breaches need to be considered in annual budgets for hospitals, health clinics and other providers. These fines demonstrate the serious nature of the risk. And not only do the exposures come from federal statutes; these cases show how costly this issue can be from a purely local standpoint.

We have seen a response in the insurance market to the need for privacy liability with ever-improving data security coverages offered by several carriers. However, many of these policies are written primarily to address electronic breaches.
