EHR snooping leads to criminal HIPAA violation charges in New York

01 Dec 2021

·www.healthcareitnews.com

A Long Island-area hospital announced this past week that one of its night-shift employees had improperly accessed electronic health record information in violation of its policies. Huntington Hospital sent notices to about 13,000 patients regarding the incident, explaining that the employee had been terminated and eventually charged with a criminal HIPAA violation. "Huntington Hospital has a robust compliance program that includes ongoing training of its employees, implementation of security tools to monitor access to medical record applications, and audits of medical record access," said the hospital in a news release about the incident. WHY IT MATTERS Although the hospital determined that the employee had accessed patient information in an unauthorized capacity between October 2018 and February 2019, it did not announce that the incident had taken place until November 2021. According to the hospital, the notification delay came at the instruction of law enforcement, which was investigating the incident. That investigation resulted in the HIPAA violation charges. The hospital said there is no evidence that its then-employee accessed Social Security numbers, insurance information, credit card numbers or other payment-related information. The data may have, however, included: Demographic-type information such as name, date of birth, telephone number, address, internal account number and medical record number. Clinical information such as diagnoses, medications, laboratory results, course of treatment, the names of healthcare providers and/or other treatment-related information. The hospital said it would offer a year of complimentary identity-theft protection services as an added precaution. THE LARGER TREND Although most security incidents that make headlines these days involve ransomware , employee snooping is still a perennial issue in the healthcare sector. In February, Montefiore Medical System, also based in New York, notified patients of a security breach involving illegal access to HIPAA-protected health information. But there is help: This past year, in an effort to curb such incidents, security firm CynergisTek updated its Patient Privacy Monitoring Services to help providers more proactively identify insiders who might be seeking unauthorized information, specifically about COVID-19. ON THE RECORD "The hospital has taken additional steps to prevent this type of incident from occurring in the future, including bolstering access controls and targeted re-training of staff on the importance of protecting patient confidentiality," Huntington Hospital said in its press release. Kat Jercich is senior editor of Healthcare IT News.

Organizations

Iran Social Security Organization

Cabell Huntington Hospital, Inc.

Indications

COVID-19

Targets

Drugs

Chat with Hiro

Hot reports

GPRC5D Target Patent Research Report

Patsnap Synapse

Global Drug R&D Express (July 2024)

PatSnap Synapse

siRNA Drug Amvuttra Patent Research and Practical Operation Guide

Patsnap Synapse

Get started for free today!

Accelerate Strategic R&D decision making with Synapse, PatSnap’s AI-powered Connected Innovation Intelligence Platform Built for Life Sciences Professionals.

Start your data trial now!

Synapse data is also accessible to external entities via APIs or data packages. Empower better decisions with the latest in pharmaceutical intelligence.