E-Mail Causes Hospice HIPAA Violation
Make sure your staff are thoroughly trained — and retrained — about HIPAA-compliant e-mail procedures. One Texas hospice is learning that lesson the hard way. Hope Hospice in New Braunfels notified 818 patients when it discovered in a routine security check that an employee had e-mailed a report containing PHI to himself using “an unsecured channel,” the hospice says in a notice on its website.
“The information included in the report was limited to 818 patient names, referral source, referral and admission date, name of insurance company, chart number, county and date of discharge,” the hospice says about the December e-mail. “The information did not include other sensitive personal identification such as social security numbers, dates of birth or addresses.”
Bottom line: “The information was secured February 28, 2013, and the Agency does not believe the type of information included presents a risk of financial harm,” the hospice says.
In response to the incident, Hope has given staff additional training, is reviewing its policies and procedures for improvement, and is tightening up security, it says.
Don’t Forget Paper Records In HIPAA Security
A North Carolina hospice is notifying patients of a possible HIPAA breach, and for once stolen laptops aren’t to blame.
Due to a Feb. 24 break-in at its office in Burlington, N.C., Hospice & Palliative Care Center of Alamance-Caswell did suffer stolen laptops. However, the data on the laptops was all encrypted for security, reports The Times News newspaper. Instead, the hospice had to notify about 5,370 past hospice and LifePath Home Health patients that personal health information in paper medical and billing records could have been compromised by two intruders.
The two 19-year-olds charged with the crime allegedly cost the hospice more by discharging fire extinguishers inside the building than the thefts, the newspaper says. Even though the thieves didn’t appear to be after PHI, “you can’t be too careful,” a hospice rep told The Times News.
The hospice is offering free credit monitoring for a year and is recommending those notified about the potential breach place a fraud alert with credit bureaus.