Third-party vendor hacking compromises hospital records
HIM-HIPAA Insider, November 3, 2014
Want to receive articles like this one in your inbox? Subscribe to HIM-HIPAA Insider!
A security breach at a third-party vendor in Ohio may have compromised the medical records of patients treated by a physician at Penn Highlands Brookville in Pennsylvania, according to a Penn Highlands Healthcare announcement.
Penn Highlands Brookville is one of four hospitals operated by Penn Highlands Healthcare. The hospital discovered August 14 that an unauthorized party gained access to the Ohio-based third-party server used to store PHI of patients of Barry J. Snyder, MD, who is employed by the hospital. The medical records stored on the server may have contained the following patient information:
- Names
- Addresses
- Dates of birth
- Driver’s license numbers
- Social Security numbers
- Phone numbers
- Insurance information
- Medical information
- Gender
Upon learning of the incident, the hospital hired security and computer forensics experts to conduct an investigation. PHI of Dr. Snyder’s patients was moved to a secure server and the data contained on the affected server was destroyed, according to the announcement.
This article originally appeared on HCPro’s HIPAA Update blog. Stay up to date on all things HIPAA by signing up for e-mail updates from this blog.
Want to receive articles like this one in your inbox? Subscribe to HIM-HIPAA Insider!
Related Products
Most Popular
- Articles
-
- Math can be tricky: TJC corrects ABHR storage requirement
- Air control equals infection control
- Don't forget the three checks in medication administration
- Residency coordinators’ responsibilities
- Study: Shorter shifts reduces residents’ attentional failures
- Note similarities and differences between HCPCS, CPT® codes
- RPA Subscriber Exclusive: February issue of Residency Program Alert now available
- The consequences of an incomplete medical record
- OSHA HazCom updates include labeling, SDS requirements
- Practice the six rights of medication administration
- E-mailed
-
- Air control equals infection control
- OSHA HazCom updates include labeling, SDS requirements
- Tip: Note new thyroid imaging codes
- Tim Porter-O'Grady sounds off
- Skills of effective case managers
- Q: Can you clarify the reporting of dates on the plan of care for diagnosis onset and exacerbation?
- Q&A: Defining Subacute
- Q&A: Are colleges sending students to our facility for rotations business associates?
- Note similarities and differences between HCPCS, CPT® codes
- Fracture coding in ICD-10-CM requires greater specificity
- Searched