Healthcare providers putting patient data at risk by using email

Posted: May 20, 2013

Since the August 2009 Breach Notification Rule came into existence, it has been clear to everyone just how frequently healthcare and patient data is compromised across the nation. This rule requires HIPAA-covered organizations to notify patients or their next of kin of any security breaches involving over 500 patients, within 5-60 days after the discovery of the breach, depending on the state in which the breach occurred.

One such breach recently happened at the Regional Medical Center in Memphis, Tennessee. Three unsecured emails containing names, account numbers, phone numbers, physical therapy data, dates of birth and even Social Security numbers for almost 1200 patients were sent in autumn 2012.

However, the breach was not discovered until March 2013, and whilst there is no reason to suspect that the data was accessed by anyone outside of the Medical Center, the fact remains that there was a severe breach of security that could have resulted in a huge amount of damage. An innocent mistake like this can lead to serious consequences, and safeguards need to be in place to prevent this kind of thing from happening.

Another example of patient confidentiality being compromised came in December 2012 and February 2013, at Hope Hospice in Texas. A member of staff emailed a report of patient referrals and admissions to themselves on two separate occasions without any form of security. 818 patients were affected by this breach, and their names, insurance information, referral information, clinical chart data, county and date of discharge were all compromised. Regardless of the intention of the staff member or the result of the breach, using email for sensitive, personal, private data is simply not acceptable.

Since August 2009, HHS data shows that 214,000 individuals have had their data reported compromised in Texas, and 1.2 million in Tennessee; that is almost one fifth of the entire population of the state of Tennessee! Across the nation there have been 21 million individual patients who have had their data reported compromised by their healthcare providers. Because the Breach Notification Rule does not require that breaches involving 499 patients or fewer be reported, some estimate that the actual number of patients affected nationwide is closer to 40-45 million.

Clearly the current systems are failing, and something needs to be done to change the status quo.

We believe this is where we come in. SecureCare is dedicated to protecting sensitive information. We blend innovative ideas and cloud technology to exceed HIPAA regulations. All our team members are HIPAA trained. By leveraging the highest levels of security and establishing new ways to securely exchange documents, users have easy-to-use, high-performance solutions that remove the temptation to send data by unsecured channels. Plus, they get a full document audit trail. By working together, we can ensure that organizations avoid the severe penalties resulting from these breaches and the associated damaging effects.

If you want to be certain that you are doing everything you can to keep your patients’ data safe, consider Sfax cloud faxing for your secure document exchange needs.
