A hospital on Long Island disclosed this week that one of its night-shift staff had accessed electronic Health record information inappropriately, in violation of the hospital’s standards. About 13,000 patients received letters from Huntington Hospital about the incident, informing them that the employee had been fired and later charged with a criminal HIPAA breach. Huntington Hospital has a comprehensive compliance policy that includes regular employee training, the use of security measures to monitor access to medical record apps, and medical record access audits.
Despite the fact that the hospital concluded that the employee accessed patient information in an unauthorised capacity between October 2018 and February 2019, the event was not publicised until November 2021. According to the hospital, law enforcement, which was investigating the incident, ordered the delay in communication. The HIPAA violations were the consequence of that investigation.
However, there is assistance available: Security firm CynergisTek enhanced its Patient Privacy Monitoring Services this year to enable providers more proactively identify insiders who might be seeking unwanted information, specifically about COVID-19, in an effort to prevent such instances.