In my previous blog I addressed the issue of information security being the most important factor in protecting PHI. I had no sooner sent it off to the presses (in the cloud) than another article appeared stating that the Human Factor is the key factor in protecting PHI. Now, if I can just get these two parties talking together, perhaps they will come up with the notion that protecting PHI is a job for everyone in the organization. If we look at the factors involved in a breach, we could find everyone from the janitor to the CEO responsible.
An administrator for the Illinois State Medical Association had a laptop stolen from their car. On the laptop, unencrypted, were 38,000 PHI records being transported for off-site storage as part of their disaster recovery program. Good intentions, poor execution.
A hospital dumped boxes of PHI in the driveway of a physician who had left the organization.
A medical billing company dumped tons of patient billing records in a public dump.
A pharmacy with no HIPAA program in place at all dumped prescription records in a dumpster.
A software company forgot to close access to an internet site where people applied for health insurance. Over 250,000 records were accessible to anyone.
I could go on and on, or you could just go to the HHS website and look at the Wall of Shame, which records all PHI breaches of more than 500 that have been reported.
I can't resist quoting again the famous Pogo cartoon, “We have met the enemy and he is us.”