Three recent criminal cases involving hospital insiders who allegedly committed a variety of fraud, identity theft or egregious privacy violations that victimized

Read the full article at: www.databreachtoday.com

Hospital cultures have historically been focused on patient care. Employers often provide employees with some kind of medical benefits. Insurance companies have focused on medical coverage. Pharmacies dispense medicine. It wasn’t until the US Congress enacted HIPAA (Health Insurance Portability and Accountability Act) in 1996 that privacy and the related security measures became a mandate for the entire healthcare value chain. Hospitals, employers, insurance companies, pharmacies, nursing homes and all related healthcare providers had to, among other things, protect the privacy of patient information. Violators are subject to fines and criminal prosecution.

It should then come as little surprise that there are “holes” in the privacy and security efforts of these parties. While varying degrees of rigor in procedures, policies and enforcement provide ample opportunities for insider exploitation, the case can also be made that many security breaches are simply due to human error. Some organizations tolerate “rule breaking” or laxity in enforcement of policy. Employees may have received training, but there may be no reinforcement to maintain the desired behaviors needed for successful privacy and security programs.

What can be done to address insider threats? Organizations that have created cultures that value privacy and security are much better prepared to deal with these threats than those that haven’t. Want to learn how we can help? Contact us.