Health IT Pulse

Aug 11 2011   1:52PM GMT

Even HIPAA auditors can have a health care data breach

AnneSteciw

health care data breach
HIPAA auditors
HIPAA violations
mobile device management
PHI encryption

Since the Office for Civil Rights (OCR) began publishing information on health care data breaches affecting 500 or more individuals on its website, 300 breaches have been reported. Two of those data breaches were reported by KPMG, LLP, as a business associate to the New Jersey health care system.

The breach occurred in June 2010, when a KPMG employee lost an unencrypted flash drive that may have contained a list with some patient names and information about their care. Eight months later, KPMG was chosen by OCR to develop a HIPAA auditing protocol and conduct audits on 150 covered entities and business associates before Dec. 31, 2012.

Considering encryption is one of the most important tools in avoiding a health care data breach, it’s surprising that a HIPAA auditor would be using an unencrypted device, even if KPMG was not an auditor at the time of the breach. KPMG said it would implement improved security measures to avoid future breaches. Hopefully those improved security measures include the use of encrypted flash drives.

Most health care organizations are becoming keenly aware of the need to keep mobile devices secure. SearchHealthIT’s recent security and privacy report shows that encryption and mobile device security ranked highest among the technologies that health IT professionals plan to purchase in the next year to help their organization achieve HIPAA compliance. Survey respondents also reported that the weakest link in hospital patient data security is staff who leave laptops or records in open areas.
