Privacy Briefs: December 2021

By Jane Anderson

◆ Huntington Hospital in New York has sent notices to approximately 13,000 patients about an incident that happened in late 2018 and early 2019 involving a night shift employee who improperly accessed electronic medical records.[1] The employee was immediately suspended and subsequently fired, and a law enforcement investigation resulted in the former employee being charged with a criminal HIPAA violation. “The hospital cooperated with the law enforcement investigation, which included following instructions to delay notifying any patients who were potentially impacted by this incident through November 2021,” Huntington Hospital said in a statement. “There is no evidence that the former employee accessed Social Security numbers, insurance information, credit card numbers or other payment-related information. The patient information accessed by the former employee may have included demographic-type information such as name, date of birth, telephone number, address, internal account number and medical record number; and clinical information such as diagnoses, medications, laboratory results, course of treatment, the names of health care providers, and/or other treatment-related information.” In addition to its “robust compliance program that includes ongoing training of its employees, implementation of security tools to monitor access to medical record applications, and audits of medical record access,” the hospital said it has “taken additional steps to prevent this type of incident from occurring in the future, including bolstering access controls and targeted re-training of staff on the importance of protecting patient confidentiality.” Huntington Hospital is offering all affected patients complimentary identity theft protection services.

◆ Southern Ohio Medical Center (SOMC) in Portsmouth, Ohio, was forced to reschedule some procedures and divert ambulances to other hospitals after it was hit with a cyberattack.[2] “This morning, an unauthorized third-party gained access to SOMC’s computer servers in what appears to be a targeted cyber attack,” the hospital said in a statement. “We are working with federal law enforcement and internet security firms to investigate this incident. Patient care and safety remain our top priority as we work to resolve this situation as quickly as possible. While this does not impact our ability to provide care to current inpatients, we are presently diverting ambulances to other hospitals.” The hospital canceled appointments for medical imaging, cancer services, cardiovascular testing, cardiac catheterization, outpatient surgery and outpatient physical and occupational rehabilitation following the Nov. 11 attack.

This document is only available to subscribers. Please log in or purchase access.
Purchase Login
 


Would you like to read this entire article?

If you already subscribe to this publication, just log in. If not, let us send you an email with a link that will allow you to read the entire article for free. Just complete the following form.

* required field

First name field cannot be blank!
Last name field cannot be blank!
We will send you an email that will give you access to this entire article.
Email field cannot be blank!
Enter a valid email!
Company field cannot be blank!
Enter a valid company!
Title field cannot be blank!

We're committed to your privacy. The Society of Corporate Compliance and Ethics (SCCE) & Health Care Compliance Association (HCCA) uses the information you provide us to contact you about our relevant content, products, and services. For more information, check out our Privacy Policy.


About SCCE

The Society of Corporate Compliance and Ethics (SCCE) is a non-profit, member-based professional association. SCCE supports our members' work with education, news, and discussion forums. We are a community of leaders, defining and shaping the corporate compliance environment across a wide range of industries and geographic regions. In developing and maintaining effective ethics and compliance programs, our members strengthen and protect their companies.

952.933.4977

About HCCA

The Health Care Compliance Association (HCCA), is a 501(c)6 non-profit, member-based professional association. HCCA was established in 1996 and is headquartered in Minneapolis, MN. We provide training, certification, and other resources to over 10,000 members. Our members include compliance officers and staff from a wide range of organizations, including hospitals, research facilities, clinics and technology service providers.

952.988.0141

Facebook Twitter LinkedIn
Copyright © 2024 by Society of Corporate Compliance and Ethics (SCCE) & Health Care Compliance Association (HCCA). No claim to original US Government works. All rights reserved. All information provided through this site, including without limitation all information such as the “look and feel” of the site, data files, graphics, text, photographs, drawings, logos, images, sounds, music, video or audio files on this site, is owned and/or licensed by SCCE & HCCA or its suppliers and is subject to United States and international copyright, trademark and other intellectual property laws. Any third party logos and/or content provided herein is owned by such third parties and is used by permission herein. Your use of this site to is subject to our Terms Of Use and Privacy Statement.
Cookie settings