ELEVATE YOUR HIPAA COMPLIANCE: Explore Our Enhanced Toolkit Today
Access Toolkit
Purchase Toolkit
Back to Blog

Patient behind breach using hospital library laptop

The New Hampshire Department of Health and Human Services announced on December 27 that a former New Hampshire State Psychiatric Hospital patient is behind a breach that began on a laptop computer located in the hospital library and affected approximately 15,000 patients, exposing names and addresses along with Medicaid ID numbers and Social Security numbers.

While patients were permitted to use the library and the computers, they should not have been able to access patients’ PHI. At the time of the breach in October 2015, a staff member observed a patient accessing “non-confidential” hospital data and alerted a supervisor. Steps were then taken to restrict access to the library computers, though neither the hospital nor the NH-DHHS were informed of the incident.

In August 2016, a security official at the hospital alerted NH-DHHS that the data may have been posted on a social media website. An investigation into the incident was launched, however, according to the breach notice published by NH-DHHS on December 27, “An investigation at that time did not reveal any evidence that confidential personal or personal health information had been breached.”

On November 4, 2016, hospital security notified NH-DHHS that the patient had posted some PHI to a social media site that day. Within 24 hours, the PHI was removed from the site and a criminal investigation was launched and continues. The department is notifying those who may have been affected and is recommending that anyone who received services from DHHS before November 2015 take steps to monitor their credit and bank statements.

Could your company be at risk for a similar breach? Can you risk finding out on a social media posting?

A critical part of PrivaPlan’s Security Risk Assessments is the PHI Inventory, which works for both physical PHI and electronic PHI. The inventory process identifies all areas in the facility that PHI is located and how it is used. By performing this assessment and documenting where PHI is located, covered entities can protect their patients’ information from unauthorized breaches described here.

For more information or other services PrivaPlan provides, contact our HIPAA experts at info@privaplan.com or call 877-218-7707.

Related Posts

Recent Posts

Categories
Tags
AI Articles artificial intelligence Blog board Breach business associate CISO cyber risk cybersecurity cybersecurity awareness training electronic medical records email breach executive order Federal HIPAA Changes Final Rule health care health privacy HIPAA hipaa compliance HIPAA Training Meaningful Use Medicare multi-factor authentication OCR ONC passwords PHI phishing Policies & Procedures policies and procedures Privacy Quotes Ransomware Security Security Risk Analysis security training Service Technology Testimonials toolkit Training Materials two-step authentication website analytics website trackers

Get Started Today

Email us at info@privaplan.com or submit the form below:

Sign Up for Updates

Contact PrivaPlan

Telephone Sales & Support
505-466-1432  or
Toll Free: 1-877-218-7707
Fax: 505-466-3942

E-Mail Sales & Support
Customer Support: support@PrivaPlan.com
Sales: orders@PrivaPlan.com

Mailing Address:
PrivaPlan
5 Caliente Rd, Ste 3,
Santa Fe, NM 87508

© 2024 PrivaPlan Associates, Inc, all rights reserved.

FOLLOW US

Linkedin Envelope

Access PrivaPlan Toolkit

Click here to access

Access CMA-PrivaPlan Toolkit

Click here to access

Sign up for updates

  • Be Proactive In Compliance

Sign up. Learn about Compliance

Subscribe now for up-to-date information about privacy & security compliance! You’ll receive emails regarding news about compliance & alerts for new blog posts.