Framingham, MA-based Charles River Medical Associates has discovered the risk of failing to use encryption to protect data stored on portable hard drives.
In late November, the practice discovered one of its portable hard drives was missing. The device contained x-ray images, names, patient ID numbers, and dates of birth. Every patient who had visited the Framingham radiology lab for a bone density scan since 2010 had their x-ray images exposed, almost 9,400 individuals.
The hard drive was used by the practice as a backup device, and the stored data was updated each month with bone density scans from the previous 4 weeks. The last time the device was used was for the October data backup. In late November, when the monthly backup was scheduled to be made, the portable drive could not be found.
A full search of the premises was conducted, which took several weeks, but the device could not be located. All staff members were questioned about the whereabouts of the drive, but no one had seen the device in the previous 4 weeks.
Charles River Medical Associates has now declared the device lost and the search has been called off. Brian Parillo, executive director of Charles River Medical Associates, said, “It’s hard to speculate on what could have happened to it.”
The loss of any device containing unencrypted protected health information is a reportable incident under HIPAA Rules, and patients must be notified of the potential breach of their information. In compliance with HIPAA Rules, the incident has now been reported to the Department of Health and Human Services’ Office for Civil Rights (OCR) and patients have been informed of the breach by mail.
While the drive is believed to have been lost rather than stolen, it is possible that the device has been found and the information stored on the drive viewed by unauthorized individuals. Patients have therefore been advised to take steps to protect against any negative impact from the incident, including obtaining credit reports and checking their credit accounts for any sign of fraudulent activity.
However, since no Social Security numbers, financial information, or health insurance details were stored on the device, the potential for identity theft and fraud is low.
As a result of the incident, the decision has been taken to stop the use of unencrypted portable drives to store backups. A full security review has also been conducted to identify other potential vulnerabilities to the confidentiality, integrity, and availability of PHI, a review of has been conducted, and staff have been retrained on privacy workflows.
The breach report submitted to OCR indicates 9,387 patients were impacted by the incident.
Lack of Encryption on Hard Drive Results in the Exposure of 9387 Patients’ PHI