In the past you would need a truck to steal 10,000 patients' charts. Now you can download a report out of an EHR, copy it to a thumb drive and stick it in your pocket.
An interesting Business Insider article, "The Biggest Threat To National Security Is The Thumb Drive," describes how major security breaches were caused by thumb drives.
How did we destroy Iranian nuclear facilities? With a thumb drive. And how did Snowden allegedly smuggle out the blueprints to the NSA? With a thumb drive.
We already wrote about how gang members are getting their girlfriends to steal patient information. There is a good chance the information is being copied to thumb drives.
We also wrote about employees that quit a medical practice and stole EHR data. There is a good chance that the data was copied to a thumb drive.
There have been many breaches associated with unencrypted data on thumb drives that were lost or stolen. We gave advice that you should: Fear and destroy USB drives!
So what are some of the things you can do to reduce the risk of thumb drives?
- Perform a Risk Assessment to determine the risk associated with thumb drives. Do the risks outweigh the benefits?
- Have your IT department or company disable the ability to add or use USB drives on computers. With simple policies it is possible to disable the use of thumb drives. Be forewarned: as soon as you disable the use of thumb drives, you will hear 100 reasons why they are needed, especially from physicians.
- Encrypt all thumb drives. If you must use thumb drives then only use encrypted thumb drives to protect the data that is stored on them.
- Make employees aware that they are being watched. It is critical that employees receive training that makes them aware that all access to patient information is being recorded. Knowing that they are being watched may act as a deterrent to prevent illegal activity.
- Audit Record Access. It is critical to monitor employee access to patient information. If you are not looking at audit logs, you will have no idea what your employees are doing inside your EHR. If one employee is accessing 200 records a day and all other employees are only accessing 20, this could be a red flag.
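The comparison described in the last item, as an added example (not from the original post or any EHR product): it counts distinct patient records per employee per day in an audit export and flags anyone far above the peer median. The CSV columns, user names and the 5x / 50-record thresholds are assumptions, and the log lines are constructed.

```python
import csv
import io
from collections import defaultdict
from statistics import median

def build_sample_log():
    """Constructed audit export (assumed columns): timestamp,user,patient_id,action."""
    rows = ["timestamp,user,patient_id,action"]
    # Four employees open about 20 distinct charts; one opens 200.
    for user, n in [("alice", 20), ("bob", 22), ("carol", 18), ("dave", 20), ("erin", 200)]:
        for i in range(n):
            rows.append(f"2024-03-04T09:{i % 60:02d}:00,{user},P{i:05d},VIEW")
    # Re-opening the same chart must not inflate a user's count.
    rows += ["2024-03-04T10:00:00,alice,P00001,VIEW"] * 5
    return "\n".join(rows)

def records_per_user_day(log_text):
    """Map (date, user) -> set of distinct patient IDs accessed."""
    seen = defaultdict(set)
    for row in csv.DictReader(io.StringIO(log_text)):
        day = row["timestamp"][:10]
        seen[(day, row["user"])].add(row["patient_id"])
    return seen

def flag_outliers(log_text, ratio=5.0, min_records=50):
    """Flag users whose daily distinct-record count is at least `ratio` times
    the median across all users that day and at least `min_records`."""
    by_day = defaultdict(dict)
    for (day, user), patients in records_per_user_day(log_text).items():
        by_day[day][user] = len(patients)
    flagged = []
    for day, counts in sorted(by_day.items()):
        baseline = median(counts.values())  # robust to the outlier itself
        for user, n in sorted(counts.items()):
            if n >= min_records and n >= ratio * baseline:
                flagged.append((day, user, n, baseline))
    return flagged

if __name__ == "__main__":
    for day, user, n, base in flag_outliers(build_sample_log()):
        print(f"{day} {user}: {n} distinct records (peer median {base})")
```

A flag is a prompt for review, not proof of wrongdoing; roles with legitimately high volume (billing, records staff) are better compared against peers in the same role.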
The dangers of thumb drives are real. Thumb drives make it very easy to copy a large amount of records, files and data. They are small and easily hidden in pockets and purses.