A tenured employee of the emergency department of Kings County Hospital in Brooklyn is alleged to have stolen the protected health information of at least 100 individuals while working at the hospital and disclosed that information to another individual using an encrypted smartphone app.
In June 2017, the FBI received a tip that the employee was stealing patient information and selling the data to another individual. The tipster also gave the FBI paper copies of health information that had been printed out between December 2016 and June 2017. The printouts contained the protected health information of 49 individuals, which the hospital confirmed was obtained from its electronic health record system.
The employee was arrested in February, fired by the hospital in April, and has been released on an $80,000 bond. Authorities are uncertain what the disclosed PHI was used for.
HIPAA requires Covered Entities to record and maintain PHI access logs and to review those logs regularly for signs of unauthorized access. While it may not be possible to prevent unauthorized access to PHI by healthcare employees, it is possible to detect breaches promptly and limit the harm they cause. Smart Training’s continuing guidance on employee background checks and login monitoring is aimed at detecting this kind of unauthorized access or limiting the opportunity for it to occur.