Site icon ProHIPAA

Are My Employees a HIPAA Risk to My Practice?

Danger

Here’s the headline:

Georgia Eye Center Discovers Insider Breach: 10,891 Patients Impacted.

That’s a headline no company wants to see in the news. A data breach that impacted over 10,000 of your patients! The kicker to the story is how the breach happened.

An employee of the Thomasville Eye Center in Thomasville, GA, was discovered accessing the protected health information of patients without authorization. PHI was stolen from the eye center and used to open credit accounts in the names of the patients.

An internal employee breached patient PHI for his own personal gain. To me, that identifies a large training gap for the employees, as well as the importance of performing background checks on every new hire.

If employees are provided with access to the protected health information of patients, there is a risk of PHI access rights being abused. While it is not possible to eradicate the risk of data theft by employees, healthcare organizations can take a number of steps to reduce risk. These include:

Exit mobile version