The biggest security threat to your patients' health information isn't malicious hackers, as some practices might think, but rather simple carelessness among your staff.
A February report from accounting firm Kaufman, Rossin & Co. found, for example, that practices and hospitals are most likely to experience a breach because of an employee losing a thumb drive, mobile device or paperwork, American Medical News reports.
Despite the innocence of such mistakes, they can have serious consequences, as shown by the recent $1 million fine against Massachusetts General Hospital after an employee inadvertently left a stack of papers on a subway train. The cost goes beyond a federal fine: a March 8 report from the Ponemon Institute, which researches data privacy issues, found that administrative expenses such as notification, together with the loss of business, brought the cost of failing to protect patient data in 2010 to $345 per breached file (up from $301 in 2009).
To avoid these risks, practices need to be aware of the multiple places where their information is stored and how it flows throughout the organization, regardless of whether it is on paper or electronic, Jorge Rey, an information and IT audit manager for Kaufman, Rossin & Co., told amednews.
For example, practices must develop policies to ensure patient data is protected when removed from the offices. Better yet, Rey recommended organizations use Web-based applications that allow remote access to secure databases as an alternative to allowing physical copies or devices containing information to leave the premises.
To learn more:
- read the article in American Medical News