There are many ways HIPAA can be violated. Kaiser Permanente recently had an employee unlawfully access patients’ data. Breaches like this need to be dealt with swiftly. Patients want to trust their provider with their personal information. Healthcare records contain quite a bit of sensitive information about an individual, such as their Social Security number and financial information. Information like this in the wrong person’s hands could be severely detrimental. Find out the details of how an employee of Kaiser Permanente wrongfully accessed the data of 8,500 people.
Overview of the Breach
In September 2022, Kaiser Permanente posted an announcement on its website. One of its employees accessed portions of medical records without a reasonable basis. Healthcare IT News has reported that more than 8,500 individuals were affected.
What Personal Data was Involved
The only information involved was patient demographics and medical information. No Social Security numbers or financial information were involved in this incident. There is also no evidence that the accessed information was shared or used to commit fraud. The company says it is reviewing policies involving access to patient medical records. It has also sent letters to affected patients.
What the HHS has to Say
“Healthcare leaders should understand where operational vulnerabilities exist in their organization, from marketing down to critical health records,” said the U.S. Department of Health and Human Services’ cyber agency. The Health Sector Cybersecurity Coordination Center has spoken about cybersecurity risks. The risks range from phishing attacks and malware to overlooked gaps in encryption, cloud threats, and employees.
Having proper employee training is crucial. There also need to be set guidelines for handling cases where employees abuse their power. Providers also need to think about cybersecurity. As data is increasingly stored online rather than in print, having set ways to protect this data is a priority. Do you have the proper cybersecurity and employee training practices in place?
Resources:
If you want to make sure your practice is HIPAA compliant, visit: HIPAA Diagnostic® – $100 Challenge
Sources:
Fox, Andrea. “Kaiser Permanente Employee Allegedly Breaches EHR.” Healthcare IT News, 22 Nov. 2022, www.healthcareitnews.com/news/kaiser-permanente-employee-allegedly-breaches-ehr. Accessed 26 Dec. 2022.
Carosh Compliance Solutions, 10769 Broadway #106, Crown Point, IN 46307