New York-Presbyterian Hospital and Columbia University had a shared data network that was connected to the hospital information system. The breach of 6,800 patient records (names, clinical data, social security numbers, and more) was brought to light when an individual found their deceased partner’s personal information from the hospital on a public website searchable by Google.
The settlement is the largest fine by the United States Department of Health and Human Services for violating patient privacy — amounting to $4.8 million.
And this isn’t an isolated incident:
Just ask any of the 29.3 million patients whose health records have been compromised in HIPAA violations since 2009 about the impact: their privacy can never be replaced. The problem is growing. Within the last two years, there has been a 138% increase in HIPAA violations.
How should healthcare providers avoid these hassles, fines and in some cases loss of license or jail time? By making sure that they learn to know, love (maybe hate), and comply with HIPAA.
So what is HIPAA? HIPAA (the Health Insurance Portability and Accountability Act) was created to protect patient privacy. It requires that PHI (a patient’s Protected Health Information) is securely handled. It is paramount that:
- patient health information remains secure (physically and electronically)
- medical professionals adhere to the “minimum necessary” standard for use and disclosure of PHI
- patients have the right to access, use and disclose their health information
Over the summer, CaptureProof is going to make sure you understand the ins and outs of HIPAA and how it may apply to you, as a patient or clinician. Stay tuned for next week’s post.
1. Business Insider: “Hospital To Pay Millions After Embarrassing Data Breach Put Patient Info On Google” http://www.businessinsider.com/new-york-presbyterian-columbia-hipaa-settlement-2014-5
2. U.S. Department of Health & Human Services: Press Release: “Data breach results in $4.8 million HIPAA settlements” http://www.hhs.gov/news/press/2014pres/05/20140507b.html
3. U.S. Department of Health & Human Services: “Health Information Privacy” http://www.hhs.gov/ocr/privacy/