Health Information Management

Keep tabs on digital cameras

HIM-HIPAA Insider, December 28, 2010

Want to receive articles like this one in your inbox? Subscribe to HIM-HIPAA Insider!

You worry about laptop computers and other portable devices being stolen. But what about digital cameras?

A stolen digital camera that contained photographs and newborn babies’ personal information resulted in a privacy breach at the University of Arkansas for Medical Sciences (UAMS) in Little Rock. On October 12, someone stole the camera from the pocket of a nurse’s lab coat, according to a posting on the UAMS website.
Many people would not think of a digital camera as a security risk, says Chris Apgar, CISSP, president of Apgar & Associates, LLC, in Portland, OR. “Many healthcare organizations do not take into account all of the places PHI is stored such as on a digital camera, copy machines, fax machines, biomedical equipment, and so forth, and [do not] recognize it as a security risk.”
UAMS is reminding staff about the need to secure items such as cameras. It is also reminding staff about the need to delete images from cameras after downloading them to a secure computer.
As soon as a photo is taken, staff should store it in a hospital’s electronic health record or some other managed system and remove it from the camera, says Christopher Hourihan, manager of common security framework development and operations at HITRUST, the Health Information Trust Alliance in Frisco, TX.
UAMS is also reviewing all of its policies and procedures involving photographs of patients to ensure that it is doing everything it can to prevent such an incident from occurring again.  
Editor’s note: To read more, subscribe to HCPro’s Briefings on HIPAA. Subscribers can find the article in the December issue of their newsletters.

Want to receive articles like this one in your inbox? Subscribe to HIM-HIPAA Insider!

Most Popular