Depressing example of a hospital failing to manage the security of patient data when sending it off site.
I think the key element of this is that you may outsource the storage or destruction of data – but you do not and cannot outsource your responsibility to the patient for maintaining the confidentiality of their personal information.
As a result… South Shore Hospital in South Weymouth, Mass., has agreed to a $750,000 settlement for a 2010 data breach.
Interesting to read a summary of a survey on security breaches in healthcare institutions in the US (205 surveyed).
The old reliable is the number one source: employees. Not difficult to see how this can happen – an employee ends up with an inappropriate level of access to some patient data.
Two other areas catch my attention:
- Increasing use of mobile technology – need to think through the risks associated with new mobile technology – where is data being stored and from where is it being accessed?
- Third-party breaches – working with partners and ensuring that the security of data continues to be maintained in line with all regulations and legal requirements.