Jackson Health bans cell phones for volunteers after data breach

Treat volunteers like employees when it comes to PHI access
Tools

What do a hospital volunteer, a cell phone and a McDonald's parking lot have in common? They were all factors in a massive scheme to steal patient identities. The fallout led Miami's Jackson Health System to ban smartphones for all volunteers across the system, Report on Patient Privacy on AIS Health reported.

In March 2012, three men were found filing fake tax returns, using free WiFi in a McDonald's parking lot. One of the men, Loverson Gelmine, was a volunteer Jackson Memorial North's emergency department. Using his cell phone camera, Gelmine took approximately 1,100 photos of patient records that contained Social Security numbers and other health information, which he then sold to one of the other men. The scam landed him almost four years of prison time.

The ID theft ring reminds hospitals about the dangers of paper records, cell phones and volunteers.

Following the data breach, disclosed in November, Jackson Health tightened security and issued a system-wide policy that prohibited volunteers from using cell phones in patient areas.

Jackson Health's President and CEO Carlos Migoya said the health system's board made "numerous policy and procedure changes to prevent a similar incident."

In addition to the smartphone ban, Migoya said Jackson now has a volunteer orientation program about privacy rules and frequent rounding by nurse leaders and volunteer managers in every unit with volunteers.

Although hospitals tend to have strict policies on employees' use of mobile devices and patient health information, they may be lacking on policies concerning volunteers.

"Volunteers should be treated at least as carefully as employees," Elizabeth Litten, a partner with Fox Rothschild LLP in Princeton, N.J., told Report on Patient Privacy.

Greg Slabodkin, editor at FierceMobileHealthcare, points out, "When HIPAA was first enacted, smartphones were not widely used," and current technology calls for greater security. "Healthcare professionals and their organizations need to establish strict policies governing the use of mobile devices at work, at home and out in public," Slabodkin said.  

Policies regarding volunteers could include background checks, increased supervision and restricted access to patient health information, Report on Patient Privacy noted.

For more information:
- see the Report on Patient Privacy story on AIS Health

Related Articles:
Mobile technology use by docs on the rise
Despite allure of mobile devices, doctors must be vigilant about security
Cell phone pics in the doc's office: To ban or not to ban?
Privacy laws falls short in age of proliferating medical devices
BYOD continues to challenge hospitals' security boundaries
4 healthcare trends hospital execs can't ignore