Home Health & Hospice Week

Industry Note:

Don't Forget Former Staff For HIPAA Compliance

You still have to worry about employees’ laptops and portable devices when it comes to HIPAA — even if they aren’t employees anymore.

Case in point: A home burglary sparked a breach incident for St. Elizabeth’s Medical Center in Brighton, Mass. Thieves stole a former employee’s laptop and thumb drive that contained 595 patients’ protected health information, according to attorney Kathryn Sylvia of Nixon Peabody. The laptop and thumb drive were not encrypted and contained patients’ dates of birth, medical history, diagnoses, test results and medications.

The former employee was a physician at St. Elizabeth’s. Although St. Elizabeth’s has reported the theft to affected patients and officials do not believe that the thieves have misused the PHI, local police are still investigating the incident, Sylvia noted in a blog post.

Takeaway: "This should be a lesson ... to ensure that, upon termination, all employees return electronic patient data and all hard drives or USB thumb drives are wiped clean to avoid situations like this," Sylvia stressed.

And it reinforces that PHI should be encrypted in any case, experts note.
