An Unencrypted Thumb Drive Costs a Medical Practice $150,000.


January 21, 2014

HIPAA Thumb drive security breach

Adult & Pediatric Dermatology, P.C. of Concord, Mass. must pay a $150,000 HIPAA penalty after losing 2,200 patient records. According to the U.S. Department of Health and Human Services (HHS) Office for Civil Rights, the breach occurred when an unencrypted thumb drive was stolen from an employee’s vehicle. In addition, the medical practice had failed to identify the thumb drive in its HIPAA risk analysis.

Do you have a proper risk management process in place? Do you secure electronic protected health information (ePHI) stored on various devices? As a healthcare professional, it’s critical to identify and mitigate risks before a HIPAA breach occurs.

The Take-Home Message:

1. You shouldn’t store electronic protected health information (ePHI) on unencrypted devices, including thumb drives.

2. You must identify thumb drives and other devices containing ePHI during a HIPAA and Meaningful Use Risk Analysis.

Where Is Your ePHI?

Many healthcare organizations believe their protected information is only contained in their electronic health records (EHR). However, any file containing diagnostic or treatment information must be protected. The following are a few examples of places where ePHI can be found:

  • Letters
  • Spreadsheets and reports
  • Faxes and scanned images
  • Medical images and photographs
  • Voice files

Protected information can be stored on any device, including the hard drives inside copiers. If you’re storing protected patient data on portable devices, make sure those devices are encrypted to avoid a HIPAA penalty in the unfortunate event that they are lost or stolen.

Tips To Prevent a HIPAA Breach

A HIPAA breach can lead to hefty fines, lost customer confidence, and reputational damage. You can protect your healthcare organization by doing the following:

1. Don’t Export Data From Your EHR System

If you need to access protected data outside the office, use remote access tools to securely access the information without transferring data to a remote or portable device.

2. Protect Your Computers and Network

Create a policy to prevent unauthorized users from exporting data from your EHR system. Also, make sure your network and portable devices are professionally managed to protect confidential data.

3. Encrypt Your Devices

Devices should be encrypted to protect the patient data stored on them; this applies to both stationary and portable devices.

4. Hire a Professional To Conduct a HIPAA Risk Analysis

A certified compliance expert can identify problems and solutions that would otherwise go unnoticed. It’s much less expensive to hire a professional than to face a HIPAA breach.

To learn more about HIPAA compliance and how to secure your devices, give us a call at (888) 330-8808 or send us an email at [email protected]. Integris can help you keep your patients’ information confidential.
