You may often assume that threats to electronic health records are always from outsiders. But the fact is that internal threats are equally prevalent and pose much more danger to an entity’s data. An incident at Queens, New York based Jamaica Hospital is proof to this fact. Two emergency department clerks at the hospital have been charged for illegally accessing electronic health records (EHR) of hundreds of ED patients and releasing their personal and medical information to outside companies and individuals.
According to the Queens County District Attorney’s Office, these clerks had inappropriately accessed computer records of 250 patients. These records contained information including dates of birth, addresses, phone numbers, Social Security Numbers, and details of injuries and medical conditions of patients who were treated at the emergency department of Jamaica Hospital.
The District Attorney of Queens County, Richard Brown said that the defendants were accused of blatantly violating their HIPAA obligations and trolling through patient health records, because of which, patients who were taking treatment at the hospital have been victimized with illegal release of their personal and medical information. It is believed that some of these affected patients were contacted by lawyers and ‘medical mill’ healthcare providers soliciting their business while they were still receiving treatment in the ED of Jamaica Hospital.
The defendants Maritza Amandor and Dache Prawl will face multiple charges including computer trespass, second-degree unlawful possession of personal identification information and unauthorized use of a computer. They may face up to four years imprisonment if convicted. But the hospital is also likely to bear the brunt of this incident for failing to protect patient records adequately. This is yet again a warning bell to healthcare entities that have not done enough to safeguard patient health information from outsider as well as insider threats. A simple yet effective solution such as Aegify Security Posture Management or Aegify SecureGRC can help prevent such breaches from happening and can provide the ideal platform for comprehensive data security.