Health IT Pulse

Aug 11 2011   1:52PM GMT

Even HIPAA auditors can have a health care data breach

AnneSteciw Profile: AnneSteciw

Tags:
health care data breach
HIPAA auditors
HIPAA violations
mobile device management
PHI encryption

Since the Office for Civil Rights (OCR) began publishing information on health care data breaches affecting 500 or more individuals on its website, 300 breaches have been reported. Two of those data breaches were reported by KPMG, LLP, as a business associate to the New Jersey health care system.

The breach occurred in June 2010, when a KPMG employee lost an unencrypted flash drive that may have contained a list with some patient names and information about their care. Eight months later, KPMG was chosen by OCR to develop a HIPAA auditing protocol and conduct audits on 150 covered entities and business associates before Dec. 31, 2012.

Considering encryption is one of the most important tools in avoiding a health care data breach, it’s surprising that a HIPAA auditor would be using an unencrypted device, even if KPMG was not an auditor at the time of the breach. KPMG said it would implement improved security measures to avoid future breaches. Hopefully those improved security measures include the use of encrypted flash drives.

Most health care organizations are becoming keenly aware of the need to keep mobile devices secure. SearchHealthIT’s recent security and privacy report shows that encryption and mobile device security ranked highest among the technologies that health IT professionals plan to purchase in the next year to help their organization achieve HIPAA compliance. Survey respondents also reported that the weakest link in hospital patient data security is staff who leave laptops or records in open areas.

10  Comments on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.
  • Vernon Dutton
    Even HIPAA auditors can have a health care data breach http://t.co/A6Yxhz2 (from @HITExchange
    0 pointsBadges:
    report
  • Lisa
    RT @nursingpins: Even HIPAA auditors can have a health care data breach http://t.co/A6Yxhz2 (from @HITExchange
    0 pointsBadges:
    report
  • Jenny Laurello
    Even #HIPAA auditors can have a health care data breach http://t.co/nAurwR6 #HealthIT #EHR #EMR #HITPol #HITsm
    0 pointsBadges:
    report
  • ECM Partners
    Even #HIPAA auditors can have a health care data breach http://t.co/nAurwR6 #HealthIT #EHR #EMR #HITPol #HITsm
    0 pointsBadges:
    report
  • DigitalPersona
    Even #HIPAA auditors can have a health care data breach- #encryption is most important tool to avoid a #databreach http://t.co/CwMID5G
    0 pointsBadges:
    report
  • Imprivata
    Encryption is key to securing #mobile #healthcare devices & #patient data (Via @SearchHealthIT) http://t.co/NOuiXja
    0 pointsBadges:
    report
  • Neelesh Bhandari MD
    Even HIPAA auditors can have a health care data breach - Health IT Pulse http://t.co/0FmWCnX
    0 pointsBadges:
    report
  • Lava Kafle
    Even HIPAA auditors can have a health care data breach - Health IT Pulse http://t.co/fbo6PG7Z
    0 pointsBadges:
    report
  • Julie Meadows-Keefe
    #KP&G, OCR's own chosed auditor, has it's own breach through (horrors) an #unecrypted flash drive! http://t.co/buYRAwou
    0 pointsBadges:
    report
  • Ed Gonzalez Loumiet
    #KP&G, OCR's own chosed auditor, has it's own breach through (horrors) an #unecrypted flash drive! http://t.co/buYRAwou
    0 pointsBadges:
    report

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

Share this item with your network: