Two more data breaches were revealed this week, one in South Carolina and one in Georgia, with the latter involving patients’ protected health information (PHI). Well over a million records have been exposed in several security breaches over the past month.
The South Carolina Health and Human Services Department announced the improper transfer of more than 200,000 Medicaid beneficiaries’ records to one of its employee’s E-mail account, in violation of the department’s policy. State law enforcement is investigating, and various other state and federal agencies have been notified of the breach. Meanwhile, the employee in question has been terminated.
Atlanta’s Emory Healthcare system discovered that ten backup disks, containing records of approximately 315,000 patients who received surgical procedures between 1990 and 2007, were missing from a storage facility in February. In addition to Social Security numbers for a majority of these patients, PHI including diagnoses and procedure codes were potentially exposed. An investigation is ongoing. Both Emory Healthcare and the SC Health and Human Services Department are offering identity-theft protection to affected patients free of charge.
HIPAA-ready medical billing or Electronic Medical Records (EMR) software, or a full suite such as Allscripts MyWay or McKesson Practice Choice, is an important first step in protecting PHI, but other measures need to be taken in order to be fully HIPAA-compliant. Microwize Technology can assist in this process.