- This topic has 3 replies, 3 voices, and was last updated 2 years, 7 months ago by Ashaya.i.
2021-09-21 at 10:34 pm #31453 Karina Dian Lestari, Participant

1. Provide a brief description of the story.
Handwritten notes of Oklahoma Heart Hospital (OHH) that contained patients' information were accidentally donated to a charity by a former employee along with his/her personal items. OHH immediately investigated and collected all the notes to identify potentially affected patients. There was no evidence of information misuse, but OHH made an effort to notify the patients and encouraged them to remain vigilant against identity theft and fraud. OHH also created a dedicated hotline to answer patients' questions and concerns.

2. What is/are the impact of this data breach? Consequences of the data breach.
Because of this incident, the protected health information (PHI) of a limited number of OHH patients was accidentally disclosed. From the investigation that was conducted, OHH determined that the information potentially at risk was patients' names, medical record numbers, OHH visit numbers, dates of birth, ages, admit dates, genders, and clinical information consisting of diagnosis, lab results, medications and/or treatment information.
This incident can lead to decreased trust from the patients.

3. How did the data breach occur?
A former OHH employee kept the patients' data even though he/she was no longer employed at OHH. The data (in handwritten notes) were mistakenly thought to be personal belongings and were then donated to charity along with other items.

4. What should be the main cause of the data breach? Provide a brief explanation of the cause of the data breach (such as phishing, ransomware, HIPAA violation, database misconfiguration, human error, third-party vendor error).
The cause of this incident is human error and not maintaining good practice in protecting patients' PHI.

5. How could you prevent this data breach attack?
In order to prevent the incident from happening in the future, the hospital should:
– Have a policy on dealing with patients' data, specifying the level of authority and, if needed, how to destroy the data securely.
– Develop a secure cloud computing database system, so that if an employee needs to see the data outside the hospital building, the employee does not bring paperwork but can log in to the hospital system.
– Educate and build awareness about the importance of data privacy and security.
2021-09-22 at 6:20 am #31467 Saranath, Keymaster
Educating and building awareness among people handling this paper-based information is very important. Most of the time, you may need to hire a professional company to destroy these papers.
-
2021-09-22 at 7:58 pm #31522 Karina Dian Lestari, Participant
I agree, security measures also need to be applied to paper-based data, just as for computer-based data. The regulation of data destruction is also an important aspect of preserving patients' data privacy, including choosing trusted professional companies that can destroy the data securely.
Thank you for the comment, Dr Saranath.
-
-
2021-09-25 at 12:09 pm #31635 Ashaya.i, Participant
Thank you for sharing; developing a cloud database system sounds interesting! Collecting paperwork can cause unexpected problems. Authorizing the people who can access the data is an issue that should be of concern.
-
-