Data breaches at U.S. hospitals are a huge inconvenience and setback for the organizations. But more importantly, they put thousands of patients' personal data in the wrong hands, including health records, social security numbers and insurance information. What's worse is that these breaches are often the result of negligence and human error – easily avoidable issues with the right mindset and system. Additionally, ill-minded employees might attempt to gain access to valuable patient accounts and should also be taken into consideration.
Through the use of a biometric security platform, hospitals and other health care providers can neutralize mistakes by restricting access and protecting valuable patient records.
NJ health centers repeatedly lose patient info
Since 2009, the U.S. Department of Health and Human Services discovered New Jersey healthcare providers have compromised the information of almost 1 million individuals, reported NJ Advance Media. The latest breach occurred in August, when the Jersey City Medical Center lost a compact disc full of unencrypted Social Security numbers, payment data and Medicaid patient admission dates.
In total, 14 breaches involving 17 healthcare providers have happened in New Jersey in the last five years. The breaches include stolen laptops and lost thumb drives and affected even the New Jersey Department of Human Services. And because the lost and stolen data is unencrypted, anyone can access it with ease.
While encryption is required in many industries, healthcare is not one of them, Deven McGraw, Director of the Health Privacy Project at Center For Democracy and Technology, told NJ Advance Media.
"Everybody encrypts sensitive data," explained McGraw. "Banks encrypt, credit cards encrypt … but for whatever reason, the healthcare industry has been very slow to install widespread encryption."
But even with encryption, data breaches can be detrimental. These hospitals should take extra measures to keep information safe. Biometric technology can limit access to these data troves by requiring certified personnel to provide a fingerprint. While encryption protects the data itself, it is more effective to keep the storage devices from falling into the wrong hands in the first place.
"Technology has become the backbone of the health care," Rachel Seeger, spokesperson for Health and Human Service's Office of Civil Rights, explained to NJ Advance Media. "[Facilities] have to take meaningful steps to protect their patients' information with as much care and diligence as they do their patient physical safety."
Employee charged with identity theft
Often, it is more than negligence that causes data to go missing – it is intent. Employees often have the best access to client information, which is why it is important to provide access control only to trusted and qualified individuals.
In Florida, Aventura Hospital and Medical Center reported its third breach in two years, reported Local 10 News. The most recent one impacted 82,601 people and has spanned from September 13, 2012 to June 9, 2014. The second breach ended a day before the new one began, and affected 2,560 patients, while the first breach occurred from October 1, 2012 to December 31, 2012 and burdened 948 people.
The information included names, birth dates and social security numbers. Ancillary company Valesco Ventures manager Terry Meadows told Local 10 News that last May "an employee may have improperly accessed the personal identifying information of a number of patients of Aventura Hospital."
That hunch turned out to be true: Aventura mental health technician Felicidy Butler was arrested and charged with identity theft for stealing records from laptops and data storage devices. With a better security infrastructure in place, such as a fingerprint scanner or a locked server cabinet, the hospital would have avoided such a breach.
Find out how to create an indisputable audit trail with proper physical access control by downloading our whitepaper here.