When people think of HIPAA breaches, they often think of hackers breaking into a network and stealing patient information. While that is a real concern, another cause of breaches should not be ignored. What is the other cause of breaches you should be concerned with? Your employees. Employees cause HIPAA breaches. In two recent incidents, employees of healthcare organizations caused large HIPAA breaches. Neither breach was malicious, but both resulted in patient notifications.
Employee sends PHI via email to herself
The first breach occurred at Rocky Mountain Spine Clinic:
Lone Tree, Colo.-based Rocky Mountain Spine Clinic is notifying its patients of a HIPAA data breach after a former employee inappropriately emailed herself a document containing the protected health information of 532 patients.
The clinic announced the incident Wednesday and has since fired the employee, according to a report by the Denver Post.
The email sent to the former employee’s personal account contained patient names, insurance company data and information about patients’ surgical procedures.
Employees use Google cloud services
The second breach, which occurred at Oregon Health & Science University and was also caused by employees, resulted in 3,044 patients being notified. Physicians and residents were using Google cloud services to maintain patient information. Google is not a Business Associate for Oregon Health & Science University.
The Oregon Health & Science University has notified 3,044 patients that their protected health information has been compromised after several residents and physicians-in-training inappropriately used Google cloud services to maintain a spreadsheet of patient data.
The Google cloud Internet-based service provider is not an OHSU business associate with a contractual agreement to use or store OHSU patient health information, according to officials.
Both of the above HIPAA breaches were caused by employees. The breaches happened for different reasons, but they share a common theme: a lack of employee training and understanding of how to protect patient information will cause HIPAA breaches. Employees must understand how to protect patient information. They need to know what is appropriate and what is inappropriate when handling patient information. It is critical that all employees receive HIPAA security training.
Don’t assume that your employees understand the HIPAA requirements. HIPAA breaches are expensive. It is a lot cheaper to provide employee security training so employees understand how to protect patient information and avoid HIPAA breaches.
Free HIPAA Security Training!
All Covered Entities and Business Associates need to train their employees on HIPAA security. We now offer free online HIPAA security training for Covered Entities and Business Associates. Find out more about our free training and send the information to ALL your colleagues and Business Associates.
Now it is easy to train your employees on protecting patient information!