The Healthcare Data Security Threat: How the NFL and HIPAA made headlines
June 24, 2016
In today’s NFL, not much is private. On any given Sunday, viewers are inundated with information about players’ personal and professional lives. One of the few stones left unturned when it comes to privacy is players’ medical records. For all their fame and fortune, when it comes to HIPAA, they are covered just like the rest of us. So when a report recently surfaced that a laptop containing medical records of thousands of players had been stolen from a Washington Redskins staff member, two relatively unrelated industries, healthcare and sports, made headlines for all the wrong reasons.
The circumstances surrounding this incident aren’t uncommon or specific to sports. A laptop containing players’ medical records spanning over 12 years was left unattended in a car. When the car was broken into, the laptop was stolen, and the individual responsible for security of the information was forced to report the incident. Making matters worse, the data on the laptop was not encrypted, so a simple password was all that stood between a thief and the records. Though the investigation is ongoing, the Redskins released a statement addressing the severity of the breach:
“No social security numbers, Protected Health Information (PHI) under HIPAA (Health Insurance Portability and Accountability Act), or financial information were stolen or are at risk of exposure…” [1]
It would appear the players and organization dodged a huge bullet here. The statement goes on to explain the steps taken to prevent future incidents of this nature:
“All clubs have been directed to re-confirm that they have reviewed their internal data protection and privacy policies and that medical information is stored and transmitted on password-protected and encrypted devices; and that every person with access to medical information has reviewed and received training on the policies regarding the privacy and security of that information.” [1]
Cyber Security Risks Are Common in Healthcare
This is pretty standard remedial training. In fact, that statement in one way or another has probably been repeated by healthcare organizations hundreds of times. It’s no secret healthcare data has replaced financial data as the most valuable piece of personal information sold on the black market. Cyber-attacks will continue to plague healthcare organizations, and the results are costly for patients and facilities alike. Healthcare facilities must take a proactive approach in terms of training their staff members on how to detect and prevent physical and cyber security threats. After all, the best offense is a good defense, right?
The First Line of Defense is Training and Awareness
Security Awareness in the Healthcare Setting, a course from HCCS, is designed to educate your staff on cyber and physical information security in today’s care environment. Completing this course strengthens your organization’s ability to protect your patients, your reputation, and your bottom line.
The Washington Redskins are the third most valuable team in the NFL at an estimated $2.85 billion [2]. They can afford whatever penalties, if any, come their way as a result of one employee’s mishap. Most healthcare organizations don’t have that luxury. Does yours?
Learn more at www.hccs.com/prepare.