Threats on personal health information - flaskdata

Threats on personal health information

admin

March 23, 2011

A recent HIPAA violation in Canada where an imaging technician accessed the medical records of her ex-husband’s girlfriend comes as no surprise to me. Data leakage of ePHI in hospitals is rampant simply because a) there is a lot of it floating around and b) because of human nature. Humans being naturally curious, sometimes vindictive and always worried when it comes to the health condition of friends and family will bend the rules to get information. HIPAA risk and compliance assessments that we’ve been involved with at hospitals in Israel, the US and Australia consistently show that the number one attack vector on PHI is friends and family, not hackers.
Courtesy of my friend Alan Norquist from Veriphyr
Information and Privacy Commissioner Ann Cavoukian ordered a Hospital in Ottawa to tighten rules on electronic personal health information (ePHI) due to the hospital’s failure to comply with the Personal Health Information Protection Act (PHIPA).

“The actions taken to prevent the unauthorized use and disclosure by employees in this hospital have not been effective.” – Information and Privacy Commissioner Ann Cavoukian

The problem began when one of the hospital’s diagnostic imaging technologists accessed the medical records of her ex-husband’s girlfriend. At the time of the snooping, the girlfriend was at the hospital being treated for a miscarriage.
Commissioner Cavoukian faulted the hospital for:

Failing to inform the victim of any disciplinary action against the perpetrator.
Not reporting the breach to the appropriate professional regulatory college.
Not following up with an investigation to determine if policy changes were required.

“The aggrieved individual has the right to a complete accounting of what has occurred. In many cases, the aggrieved parties will not find closure … unless all the details of the investigation have been disclosed.” – Information and Privacy Commissioner Ann Cavoukian

It was not the hospital but the victim who instigated an investigation. The hospital determined that the diagnostic imaging technologists had accessed the victim’s medical files six times over 10 months.

The information inapprorpriately accessed included “doctors’ and nurses’ notes and reports, diagnostic imaging, laboratory results, the health number of the complainant, contact details … and scheduled medical appointments.” – Information and Privacy Commissioner Report

Sources:
(a) Privacy czar orders Ottawa Hospital to tighten rules on personal information – Ottawa Citizen, January, 2011

More Articles

Risk assessment

CLINICAL TRIAL READINESS ASSESSMENT

December 2, 2022 No Comments

Are you really ready to run a clinical trial? How can you best assess your clinical trial readiness? We work with C-level executives and management

clinical data from patients

Assuring protocol compliance without checklists

November 29, 2022 No Comments

At a site monitoring visit, the CRA works on assuring protocol compliance. Assuring protocol compliance is one of the 3 pillars of GCP: The 3

Decentralized clinical trials

Home alone and in a clinical trial

November 27, 2022 No Comments

1 in 7 American adults live alone COVID and social isolation is part of our lives. During COVID, it became easier to recruit patients for

drug counterfeiting

Preventing drug counterfeiting

October 24, 2022 No Comments

Counterfeiting is old as money itself. Drug counterfeiting is no exception. In this post, we’ll share an analytical approach that you can use to estimate

clinical trial risks

What risks really count for your clinical trials?

October 23, 2022 No Comments

Is there a “black-box” risk management solution for your clinical trial? What clinical trial risks are the most important for you and your company? Risk

growth stage

Dealing with information junkies in decentralized clinical trials

October 18, 2022 No Comments

DecentraIized clinical trials software vendor Medable is doing an outstanding job in understanding and executing an online work-flow between sites and patients at home.. This understanding and

Clinical data made radically simple and affordable.

Contact

Resources

Flask Open API for clinical data

Copyright © 2022 Flask Data Ltd. All Rights Reserved.

Privacy Policy | Terms of Use