Saint Francis Hospital Patients data were stolen from independent contractor physician car in New Haven, Conn. Vanapalli is an independent contractor physician who works in the Emergency Department at Saint Francis. There are many questions related to unsecured data presence in the car. Saint Francis Hospital and Medical Center notified patients about the breach quicker than many other organizations.
Information included patient names, dates of birth and medical record numbers. It didn’t contain information like Social Security numbers, financial information or addresses.
It shows how organizations need to keep electronic health records, as well as the risks associated with paper copies of records. The incident reinforces the need for electronic health records (EHRs). But also it shows importance of safe guard measures like encryption of laptops, desktops and policy enforcement for better security.
Saint Francis has mentioned that they have implemented internal information safeguards. Credit monitoring for the 858 patients will be provided for two years. It said it will plan to improve physical safeguards. One of the steps includes preventing physicians, especially those who are contracted, from possessing physical records and transport them. So considering incidents like this EHR systems do have certain privacy and security benefits.
Saint Francis said the breach was a violation of policy. It said they didn’t receive any information to related data misuse. John Rodis, M.D., executive vice president and chief operating officer and chief physician executive, said “Our goal has always been to help ensure adequate safeguards are in place to protect our patients’ confidentiality. Education of our staff has already been completed and we are evaluating other opportunities to strengthen our compliance program.”
Alertsec strengthens security
Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.
Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.
Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.