Employee error leads to San Diego hospital breaches
HIM-HIPAA Insider, July 28, 2014
Want to receive articles like this one in your inbox? Subscribe to HIM-HIPAA Insider!
In just one week, Rady Children’s Hospital-San Diego uncovered multiple breaches of PHI caused by human error that affected more than 20,000 patients, according to a hospital press release.
The first breach occurred June 6 and affected 14,121 patients admitted to the hospital from July 1, 2012, through June 30, 2013. The breach occurred when a hospital employee accidentally emailed a spreadsheet containing PHI to four job applicants when trying to send a training file to evaluate the applicants. Upon contacting the four applicants, the hospital learned that one forwarded the email and attachment to two additional people. The spreadsheet contained patients’ names, dates of birth, primary diagnoses, admit/discharge dates, and medical record numbers, as well as insurance carrier and claim information, according to the press release.
While performing an internal investigation following the June 6 breach, the hospital learned that a similar breach affecting 6,307 patients occurred in August, November, and December 2012. In this instance, a hospital employee emailed a test file containing PHI to three job applicants. An additional six applicants took the same test at the hospital, but were unable to save, store, or send the data. The test contained patients’ names, discharge dates, location they were seen, payer name, and balance, according to the press release.
This article originally appeared on HCPro’s HIPAA Update blog. Stay up to date on all things HIPAA by signing up for e-mail updates from this blog.
Want to receive articles like this one in your inbox? Subscribe to HIM-HIPAA Insider!
Related Products
Most Popular
- Articles
-
- Don't forget the three checks in medication administration
- Residency coordinators’ responsibilities
- RPA Subscriber Exclusive: February issue of Residency Program Alert now available
- Study: Shorter shifts reduces residents’ attentional failures
- Practice the six rights of medication administration
- Editor’s note
- The consequences of an incomplete medical record
- Nursing responsibilities for managing pain
- Note similarities and differences between HCPCS, CPT® codes
- Q&A: Primary, principal, and secondary diagnoses
- E-mailed
-
- White Paper: Postacute CDI: An Introduction to Long-Term Acute Care Hospitals
- Use modifiers -59, -91 to "explain" duplicate codes
- Tim Porter-O'Grady sounds off
- ICD-10-CM coma, stroke codes require more specific documentation
- Fracture coding in ICD-10-CM requires greater specificity
- Eight tips to improve MRI throughput
- Searched