Search This Blog

Wednesday, March 16, 2011

Large Breaches in the Medical Transcription Industry

Since the enactment of the HITECH Act rule, section 12302(e)(4), breaches of unsecured health information are reported to the Department of Health and Human Services (HHS). All large breaches involving 500 or more individuals are listed on the HHS website with a brief summary of each. This list is periodically updated and can be found at: http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/breachtool.html

Certainly this is not a list on which any medical transcription company wants to be found. In my research, there are only 3 MT companies on the list of large breaches at this time. I wanted to provide information about these cases so their experiences can be used as lessons learned (the hard way). This information is all gleaned from public records, so no confidential material is being shared in this summary.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

November 25, 2010: Osceola Medical Center in Osceola, WI. It was reported that the network server operated by their medical transcription service was hacked, exposing the health information of 500 patients. Their transcription service was listed as Hils Transcription Service. For some reason this was not reported to HHS until January 14, 2011, so there is only a small amount of information published at this time. Usually the delay in reporting is because of time needed for internal investigations to be completed. There are no statements posted on their websites nor has there been any press releases distributed detailing the information about this breach. We do know that the data exposed did not include any Social Security numbers or financial information. This has not yet been listed on the http://datalossdb.org/ website, so the Ponemon Institute’s direct costs estimate[1] has not been calculated. Given that the average cost per individual notified is based on $60; that would put the direct cost at an estimate of $30,000.


September 24, 2010: Newark Beth Israel Medical Center in New Jersey. From the notice posted by the hospital they stated that Professional Transcription Company (in Staten Island, NY) mistakenly posted clinical reports on the MT service’s unsecured website for up to 10 months. This information contained full names, medical record numbers, hospital account numbers, dates of birth, diagnoses, and other clinical information about 1,744 patients. A hotline number was provided to all of those notified but no credit monitoring was established. According to http://datalossbd.org/ the Ponemon Institute’s direct costs estimate1 is calculated to be $104,640.


December 17, 2010: PinnacleHealth System in Pennsylvania. According to the reports related to this incident, Gair Medical Transcription Services (Lemoyne, PA) exposed patient records on the Internet for a period of 2 years. This was detected when someone searching for something online stumbled across the data and then contacted PinnacleHealth. After that PinnacleHealth launched an investigation with an outside computer firm; it was found that their data had been exposed to access to the MT company’s unsecured server through the Internet. The reports contained Social Security numbers, dates of birth, medications, diagnoses, clinical histories, and dates of service. PinnacleHealth notified 1,086 outpatients whose personal information had been accessed. The health system also has set up a hotline for all those notified, as well as enrolled each one in credit monitoring services with identity theft protection. It has also been stated that PinnacleHealth is working with other healthcare providers whose medical transcription is being handled by this same service, and that they have kept the Federal agency responsible for overseeing the privacy of patient medical records informed related to this issue. According to http://datalossbd.org/ the Ponemon Institute’s direct costs estimate is calculated to be $65,160.


- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

These are the realities that have been thus far reported. While the Ponemon Institute has generated through its research an estimated cost per individual notification, there is nothing that can calculate the estimated devastating cost of corporate reputational loss. Client confidence in your service is, indeed, priceless.

So when considering the cost of compliance, think about these examples and recognize that prevention is more than ever, an important and critical business strategy.

[1] Note the cost estimates are based on the Ponemon Institute's 2009 direct costs figures from their 2009 Annual Study: Cost of a Data Breach.

9 comments:

aliyaa said...

There are audio typing services are all certified typists. They are fast, efficient, and good at paying attention to those important little details that so many miss.

Md. Anwar Hossain said...

Thanks for publishing this site. Here are fast, efficient and good at paying attention to those important little details that so many misswww.jojacksedmonton.com.

Joseph Ferguson said...

One of the foremost sophisticated and mysterious areas of immigration law, the I-601 discharge of Grounds of unacceptableness ("Waiver") method is a frightening, scrupulous, and long one. the method is sophisticated as a result of it needs a careful balance of argumentation primarily based upon power and court precedent. gre waiver letter

aliyaa said...

I’ve been looking for something like this for a while now. I’m glad I come across your site. Thanks for sharing. check it

iron man said...

Very informative post. I’m looking for this kind of post. I suggest one thing more that you should visit this site too.

Thomas Venney said...

Good to know your writing.

Thomas Venney said...

Any Fantastic transcription firm Has recently broadened its services to present direct word and typing processing services. best typing websites help me a lot on my typing.

Unknown said...

The matter of medical transcript is not so easy. It is necessary to write a transcription transcript with a disease and patient. So, we have to make extensive research about those diseases and patients. That is why writing a successful transcript is possible. find a typist Good ideas are found in this article.

Eunus Khan said...

Thank you for hard working. Also, it’s help more. new government job circular