Breach Horror Stories SharedAnecdotes Shed Light on Risks
The anecdotes are included in a white paper from FairWarning Inc. which promised its clients anonymity in exchange for sharing the gory details. If you're looking for new ways to help convince those who control the budget at your organization to invest more in breach prevention, consider sharing these details with them:
- A senior physician at one practice hired several lower-paid junior physicians to enter notes in the senior physician's name, resulting in billing fraud.
- An employee of a specialty hospital who owned an assisted living facility as a side business was mining information from the hospital's electronic health records to feed his own business.
- Staff members of one metropolitan healthcare organization used a pharmacy dispensing system to self-prescribe oxycodone.
- Several organizations, both rural and urban, reported staff used their electronic health record access to steal the identities of deceased patients to commit financial identity theft.
An employee of a specialty hospital who owned an assisted living facility as a side business was mining information from the hospital's electronic health records to feed his own business.
FairWarning advises healthcare organizations to conduct a benchmarking study before implementing a breach monitoring/prevention program to help measure improvement in preventing breaches. Its whitepaper offers several attention-grabbing benchmarking examples to illustrate just how common breaches really are, such as:
- A 200-bed hospital with a few small clinics reported it was experiencing 24 confirmed breach incidents per month;
- A physician practice with 20 clinics reported 29 incidents per month;
- An integrated delivery system with multiple hospitals and clinics confirmed 125 incidents per month.
The anecdotal information on horror stories and the frequency of breaches is food for thought as you contemplate how to maintain patient privacy and comply with all the provisions of the HITECH Act -- and avoid its toughened penalties for HIPAA violations.