I remember watching the show ER when I was younger, and wondering if that’s what the hospital environment was really like. If it wasn’t a deadly infectious disease spreading like wildfire through the staff, it was a gunman. Or an earthquake. Or the love triangles among the ridiculously good-looking surgeons and nurses that make it impossible for anyone to do their job.
But something tells me right now, the real nightmares plaguing hospital executives involve situations like a go-live gone dead, or a security breach. If you aren’t worried at all about the latter, you haven’t read a newspaper in a while.
This is a sampling of some of the cases I’ve heard about in the past six months:
- Moses Cone Health System (Greensboro, N.C.) reported that a laptop containing confidential patient information, including Social Security numbers, was stolen from an employee's vehicle in Canton, Ga. According to a report, information on the laptop was not encrypted but was password-protected.
- At Parkland Health and Hospital System (Dallas), a laptop computer that may have contained the names, birthdates and Social Security numbers of 9,300 employees was stolen.
- At Kaiser Permanente, the personal information of 29,500 employees may have been exposed. Police in San Ramon, Calif., seized a computer file containing the employee information from a suspect (not a Kaiser Permanente employee) who was arrested. The file contained the names, addresses, phone numbers, Social Security numbers and dates of birth of the Kaiser workers.
- The CFO of Cedars-Sinai Medical Center (Los Angeles) wrote to more than 1,000 patients to warn them that a former hospital employee stole their personal information, possibly in an attempt to commit insurance fraud.
- At University of Iowa Hospitals and Clinics, at least eight employees inappropriately accessed the records of a patient. One person at the 653-bed hospital in Iowa City was terminated as a result of the discovery, and seven others were given five days unpaid leave.
And finally, this little incident:
- A few days ago, it was reported that a Virginia government Web site was replaced last week with a ransom note from a hacker claiming he stole 8.3 million patients' personal and prescription drug information. The Virginia Prescription Monitoring Program's site tracks prescription drug abuse and contains 35.5 million prescriptions in addition to enrollees' personal information, such as names, Social Security numbers and addresses.
The situation, which is under investigation, should serve as a wake-up call to CEOs, CIOs, CFOs and all hospital leaders, not just to have sufficient security measures in place, but also to have a procedure outlining what steps need to be taken in the event that a breach occurs. As a result of the HITECH Act, the privacy and security provisions of HIPAA include some significant changes in breach notification requirements. For a quick tutorial on this, read Anthony Guerra’s interview with Kate Healy, chair of the healthcare technology group at Verrill Dana.
Information leaks can cost hospitals millions of dollars and cause irreparable damage to the organization’s reputation, particularly if they are not dealt with in the best way possible. If you’re not on top of this issue, it’s a good idea to get educated.
The consequences are a lot scarier than the prospect of having to choose between Dr. Carter and Dr. Ross.