WARN YOUR BAs TO BEEF UP SECURITY
Your business associates' security measures must be top notch or your patients' information could wind up in the wrong hands.
Christus St. Joseph Hospital mailed letters April 10 to 16,000 patients whose records were stolen between Jan. 15 and 17 from Gateway File Systems of Vancouver, British Columbia. Gateway was converting the Texas hospital's paper medical records to digital files, Christus St. Joseph spokesperson India Chumney Hancock told the Houston Chronicle.
Hospital officials and the Houston Police Department believe the motive for the theft was the computers that housed the information. The stolen information represents approximately 1 percent of Christus St. Joseph's patient data.
The hospital terminated its contract with the vendor.
The Bottom Line: Your business associates' failure to enforce strict security measures could jeopardize both your patients and your security rule compliance.
PATIENT PRIVACY DOESN'T EXTEND TO 911 CALLS, PAPERS ALLEGE
Emergency calls are open records that can't be kept confidential, according to a suit filed by a bevy of Louisiana newspapers against the state's Emergency Medical Services (EMS).
The Times of Shreveport, News-Star of Monroe, Town Talk of Alexandria, Daily Advertiser of Lafayette, Daily World of Opelousas and the Louisiana Press Association have joined forces to obtain the recordings of assistance calls made by Louisiana Secretary of State Fox McKeithen after a fall outside his home Feb. 21.
The papers believe the information is subject to the state's public records law. But EMS considers all emergency calls to be medically sensitive information that's protected by HIPAA, EMS attorney Henry Olinde told the Shreveport Times.
The Bottom Line: You can expect to see more states taking a stand on this issue as the privacy rule bumps up against state laws.
DOUBLE CHECK THE SECURITY OF YOUR PHI DELIVERIES
If you think a box will keep your paper-based records safe from a privacy breach, think again.
That's the lesson the Cleveland Clinic learned April 5 when 3,000 detailed patient statements were strewn downtown after a box fell off a delivery truck, the Chicago Tribune reports. The records originated at Lakewood and Marymount Hospitals.
The statements contained patient names, numbers, home address and other billing information. "We are currently identifying which patient records were impacted and will be contacting those patients directly," stated Eileen Sheil, a Cleveland Clinic spokesperson.
The Bottom Line: Your privacy protections must be stringent enough to safeguard PHI - even when it's in motion.