Health Record Information Violated in New York

A hospital on Long Island disclosed this week that one of its night-shift staff had accessed electronic Health record information inappropriately, in violation of the hospital’s standards. About 13,000 patients received letters from Huntington Hospital about the incident, informing them that the employee had been fired and later charged with a criminal HIPAA breach. Huntington Hospital has a comprehensive compliance policy that includes regular employee training, the use of security measures to monitor access to medical record apps, and medical record access audits.

Despite the fact that the hospital concluded that the employee accessed patient information in an unauthorised capacity between October 2018 and February 2019, the event was not publicised until November 2021. According to the hospital, law enforcement, which was investigating the incident, ordered the delay in communication. The HIPAA violations were the consequence of that investigation.

There is no evidence that the hospital’s former employee had access to Social Security numbers, insurance information, credit card numbers, or other payment-related information, according to the hospital. Although ransomware is the most common security event in the news these days, employee spying is still a problem in the Health industry. In February, patients at Montefiore Medical System in New York were warned of a security compromise involving unauthorised access to HIPAA-protected Health information.

However, there is assistance available: Security firm CynergisTek enhanced its Patient Privacy Monitoring Services this year to enable providers more proactively identify insiders who might be seeking unwanted information, specifically about COVID-19, in an effort to prevent such instances.