Medical practice to pay $150,000 to settle data breach violation

Jan 02nd, 2014 / Category: Managed File Transfer

A Massachusetts-based dermatology practice recently agreed to pay $150,000 to settle a data security compliance violation. This incident underscores the importance of high-quality secure file transfer solutions for healthcare providers, as well as the consequences that can result when best practices are not followed.

A preventable breach
The dermatology practice experienced a data breach when a USB drive containing a variety of sensitive patient information was stolen from a staff member. Approximately 2,200 individuals were affected by this breach. The USB drive was not encrypted and was never recovered.

This incident led to an investigation by the Department of Health and Human Services (HHS) to determine whether the Health Insurance Portability and Accountability Act (HIPAA) had been violated. Ultimately, the investigation determined that the healthcare provider had failed to effectively and accurately analyze the potential risks and weaknesses of its protected health information (PHI) policies.

Additionally, the organization was found to have violated the Health Information Technology for Economic and Clinical Health (HITECH) Act, as it lacked policies and procedures for training staff members on how to handle sensitive electronic health data.

"As we say in healthcare, an ounce of prevention is worth a pound of cure," said Leon Rodriguez, director of the HHS' Office for Civil Rights. "That is what a good risk management process is all about - identifying and mitigating the risk before a bad thing happens. Covered entities of all sizes need to give priority to securing electronic protected health information."

In addition to paying a $150,000 fine, the dermatology practice agreed to develop new risk analysis and risk management policies to address any remaining security issues.

Better solutions available
Incidents such as this one highlight the risks that healthcare providers must account for, especially as the use of electronic data becomes mandated. There are countless benefits to the use of digital information, with perhaps the most noteworthy being the far greater ease and speed of communication between providers. However, these benefits can only be experienced if data sharing is handled in a safe, reliable manner.

That is why healthcare providers of all kinds should consider investing in high-end secure file transfer solutions. These tools can ensure that sensitive files remain fully protected while they are in transit between healthcare providers. There is no longer a need to rely on physical devices, such as laptops and USB drives, as a means of transporting such data. This is essential because, as this and countless other incidents have thoroughly revealed, such devices will frequently be lost or stolen. And while the healthcare provider may mandate the use of encryption and other data protection strategies, employees will frequently ignore such safeguards, due to either ignorance or convenience.

A digital file sharing solution, on the other hand, can make moving sensitive files simple and easy, all while ensuring a high level of security.