Many providers and their staffs continue to trip up when it comes to protecting patient data in electronic health records, despite more rigorous requirements imposed by changes to HIPAA and the increased threat of government enforcement.
For instance, San Francisco General Hospital, which last September had an inpatient go missing only to be found dead almost three weeks later in a stairwell, revealed on Jan. 24 that four employees had been snooping in the patient's records without authorization. The employees were caught on Oct. 21 during a routine audit of the records of high-profile cases and were placed on administrative leave. Two ultimately were fired and a third resigned; the fourth returned to work. The hospital reported the privacy breach to both the California Department of Health and the patient's family.
"SFGH takes patient privacy extremely seriously," the hospital stated in a blog post.
In another recent incident, an Elyria, Ohio, physician moving offices left behind a computer containing data on 15,000 patients, according to the Chronicle Telegram. A member of the crew cleaning the office salvaged the computer for his family only to discover the patient data--including that of his fiancé--easily accessible.
Protecting electronic patient records can be more difficult than protecting paper records since so many can be stored, accessed and shared at once. The U.S. Department of Health & Human Services Office for Civil Rights has warned that it is stepping up enforcement against such breaches and that settlement payments, some of which have topped $1 million, are a "fraction" of the penalties that could have been levied.