All Data Fast News is © Data Fast Solutions, unless where otherwise indicated • All Rights Reserved

Data Fast News



Healthcare Data and Human Error

Electronic Personal Health Information (ePHI) can be safeguarded technologically in many ways. However, it is often human error that causes a breach. If a device containing ePHI is lost or stolen and it doesn't have proper encryption or access protection, all of the data on the device is in jeopardy. A recent settlement between the U.S. Department of Health and Human Services Office for Civil Rights (OCR) and MAPFRE Life Insurance Company of Puerto Rico for $2.2 million was due to human error. According to a breach report filed with OCR by MAPFRE, a USB data storage device was stolen from its I.T. department, and there were no safeguards in place to keep the names, dates, and social security numbers of over 2,200 individuals from being compromised. MAPFRE implemented a corrective action plan in addition to the settlement.

A thorough, monthly risk analysis of HIPAA-related data can help prevent a corrective action plan from having to be implemented. In the article "How to Reduce Human Error and Prevent HIPAA Breaches", published in the HIPAA Journal, OCR spokesperson Rachel Seeger stated that "Human error increases risk when there are already vulnerabilities in place." No technological advances made to date have been able to compensate for human mistakes when it comes to sensitive data.

In conjunction with risk analysis, training new employees and conducting ongoing training of existing employees can help thwart a data breach. According to the HIPAA Journal, training should include:

  • Encouraging employees to self-report known security concerns
  • Instructing staff to report the errors of others
  • Correcting bad habits as quickly as possible
  • Implementing automation that can reduce errors
  • Employing fail-safes, such as alarms and system alerts, to notify employees when a breach has taken place
  • Conducting internal audits
  • Instructing employees to seek advice if they are unsure whether they are compromising privacy data

Additional, more specific training based on the needs of your particular healthcare organization can help ensure that a data breach from human error will not occur. For example, in offices that utilize marketing via social media and other types of advertising, patient privacy should always come first. Only photos, or other personal data, of patients who have provided consent can be used.

As was the case with MAPFRE Life Insurance Company, even data that is not transferred out of a facility is still vulnerable to theft. Having physical safeguards in place within an organization, such as keeping sensitive data under lock and key, is one way to keep it contained. Implementing technology such as a remote wipe of stolen data isn't always effective if a theft is not reported immediately.

Technology is only as good as the person utilizing it. There will always be human error in technology, but through continual risk analysis and training, the mistakes can be kept to a minimum and contained.

This article is ©2017 Data Fast Solutions • All Rights Reserved
