In today’s NFL not much is private. On any given Sunday, viewers are inundated with information about players’ personal and professional lives. One of the few stones left unturned when it comes to privacy are players’ medical records. For all their fame and fortune, when it comes to HIPAA, they are covered just like the rest of us. So when a report recently surfaced that a laptop containing medical records of thousands of players had been stolen from a Washington Redskins staff member, two relatively unrelated industries, healthcare and sports, made headlines for all the wrong reasons.
The circumstances surrounding this incident aren’t uncommon or specific to sports. A laptop containing players’ medical records spanning over 12 years was left unattended in a car. When the car was broken into, the laptop was stolen, and the individual responsible for security of the information was forced to report the incident. Making matters worse, the data contained on the laptop was not encrypted, and therefore ease of access revolved around a simple password. Though the investigation is ongoing, the Redskins released a statement addressing the severity of the breach:
"No social security numbers, Protected Health Information (PHI) under HIPAA (Health Insurance Portability and Accountability Act), or financial information were stolen or are at risk of exposure…"1
It would appear the players and organization dodged a huge bullet here. The statement goes on to explain the steps taken to prevent future incidents of this nature:
“All clubs have been directed to re-confirm that they have reviewed their internal data protection and privacy policies and that medical information is stored and transmitted on password-protected and encrypted devices; and that every person with access to medical information has reviewed and received training on the policies regarding the privacy and security of that information.” 1
Cyber Security Risks Are Common in Healthcare
This is pretty standard remedial training. In fact, that statement in one way or another has probably been repeated by healthcare organizations hundreds of times. It’s no secret healthcare data has replaced financial data as the most valuable piece of personal information sold on the black market. Cyber-attacks will continue to plague healthcare organizations, and the results are costly for patients and facilities alike. Healthcare facilities must take a proactive approach in terms of training their staff members on how to detect and prevent physical and cyber security threats. After all, the best offense is a good defense, right?
The First Line of Defense is Training and Awareness
Security Awareness in the Healthcare Setting, a course from HCCS, is designed to educate your staff on cyber and physical information security in today’s care environment. Completing this course strengthens your organization’s ability to protect your patients, your reputation, and your bottom line.
The Washington Redskins are the third most valuable team in the NFL at an estimated $2.85 billion2. They can afford whatever penalties, if any, come their way as a result of one employee’s mishap. Most healthcare organizations don’t have that luxury. Does yours?
Learn more at www.hccs.com/prepare.
HealthStream’s learning management system and comprehensive suite of competency management tools empower your healthcare workforce to deliver the best patient care.View All Learning & Performance
When you enact HealthStream's quality compliance solutions, you can do so with the confidence your healthcare organization will meet all standards of care.View All Quality & Compliance
Fulfill compliance requirements with a variety of programs and courseware designed to address critical regulatory requirements as well as educate staff to recognize and mitigate risks.View All Products
HealthStream offers professional training and education on how to best optimize your reimbursement process within your healthcare organization.View All Reimbursement
Improve the preparedness of your staff, increase survival rates, and cut costs with the advanced resuscitation training services from HealthStream.View All Resuscitation
Expand the decision-making skills and effectiveness of your healthcare workforce with HealthStream's clinical development programs and services.View All Clinical Development
Delivers everything you need to request, gather, and validate information about a provider to create a single source of truth for downstream processes.View All Credentialing
Make sure your healthcare staff can schedule out appointments and work schedules with ease using HealthStream's line of software solutions.View All Scheduling & Capacity Management