Trinity Medical Center Lost 4,500 Patient

.puters-and-Technology An Alabama woman has been charged with violating the Health Insurance Portability and Accountability Act (HIPAA) for allegedly stealing the medial record information of 4,500 patients from Trinity Medical Center in Birmingham, possibly with the intent of using that information for identity theft, while an associate of hers was a patient at the hospital, reported The Birmingham News. Chelsea Catherine Stewart, 26, was arrested on the morning of June 2, 2011 by U.S. Postal inspectors, who acted after Alabaster police found hundreds of pages with names, birth dates and Social Security numbers at a house in Alabaster, where Stewart was staying. The files spanned several years, including before 2006, when Trinity was still Montclair Baptist Medical Center. According to the news report, the surgery schedules were stolen from a closed patient registration area. Law enforcement officials also said Stewart made "to do" lists with the intent of using patients’ information for identity theft and fraud. Stewart was charged with violating the HIPAA Privacy Rule, which protects the privacy of medical records, and released on an unsecured bond of $5,000. She has not been indicted and has not had to enter a plea. She may face additional charges, said her court-appointed attorney, Scott Brower. The Health Insurance Portability and Accountability Act (HIPAA) was enacted by the U.S. Congress in 1996 to protect the health insurance coverage of workers and their families when they changed or lost their jobs. The Administrative Simplification (AS) provisions also address the security and privacy of health data. According to the charging document, Stewart said she had taken the records from the hospital when visiting a patient there between March 22 and April 1. Alabaster police found the paperwork on April 8 at a house where Stewart was staying, postal inspector John Bailey said in an affidavit. There are handwritten notes with some people’s personal information that could be used for identity theft, plus a sort of "to do" list for fraud, added Bailey. Additionally, Stewart had been arrested by Alabaster police and charged with two counts of breaking into a vehicle and two counts of credit card fraud on 29 May 2011, four days before Alabaster police found the medical records at her house. Those cases are still pending in Shelby County District Court. After the incident, Trinity Medical Center mailed letters to all 4,500 affected patients offering free credit monitoring. "We take our responsibility to protect patient privacy very seriously and sincerely regret that this theft occurred," spokeswoman Leisha Harris said in the emailed statement. "To help safeguard against any further incidents, we are increasing our document security and changing access to our registration areas." All stolen information has been recovered and an arrest has been made in the case. The hospital has no reason to believe this information has been or will be used in a way that would cause harm, added Harris in the emailed statement. According to a new report from Deloitte, Privacy and Security in Health Care: A Fresh Look, says that as the health care industry increasingly adopts electronic health records, clinical data warehousing, home monitoring, and telemedicine, the risks of patient data breaches are also increasing. Some of the reasons identified in the report for inadequate data protections by health care providers include a lack of internal resources, poor internal controls over patient records, a lack of upper management support for data security, outdated policies and procedures, and inadequate personnel training. This incident highlights the need for proper internal control over patient medical records and the need of better data security systems in medical institutions to protect patients personal details. Medical institutions and organizations should implement robust information security initiatives, including hiring highly trained information security experts, to avoid cyber crimes and security breaches. IT security professionals can increase their information security knowledge and skills by embarking on advanced and highly technical training programs.EC-Council has launched the Center of Advanced Security Training (CAST) to address the deficiency of technically proficient information security professionals. CAST will provide advanced technical security training covering topics such as advanced pe.ration testing training, Digital Mobile Forensics, Cryptography, Advanced .work Defense, and advanced application security training, among others. These highly sought after and lab-intensive Information Security training courses will be offered at all EC-Council-hosted conferences and events, and through specially selected authorized training centres. About the Author: 相关的主题文章: