Stay on top of the physical risks that threaten your organization with our Physical Security Breach Roundup. We bring you the most recent physical data breach and drug diversion announcements each month. If you want to learn more about what you can do to minimize the risk of your facility ending up on this list, we can help.
Moran Eye Center Enhancing Security Measures After Breach
A laptop computer and hard drive were recently stolen from the John A. Moran Eye Center. The two devices contained partial medical records of more than 600 patients. The theft, which occurred on April 3, included full or partial names, dates of birth, retinal images, and medical reference numbers. The reason for the theft remains unknown, but the center will be “improving its policy and procedures and enhancing security measures to reduce the risk of an event like this from occurring again.” No changes have yet been made.
Massachusetts Hospital Pays to Improve Medication Security after $50,000 Settlement
Nantucket Cottage hospital has agreed to a $50,000 settlement after the U.S. Attorney’s Office for Massachusetts found that the hospital was keeping drugs in an unlocked refrigerator and storing the keys to a locked medication cabinet in an unlocked drawer. The hospital also failed to track some of its controlled substances. Officials report that the hospital has already improved medication security and record keeping practices.
U of Texas MD Anderson Ordered to Pay $4.3 Million HIPAA Penalty
An administrative law judge ruled that the University of Texas MD Anderson Cancer Center will be held responsible for the theft of an unencrypted laptop to the tune of a $4.3 million penalty. Along with the laptop, two unencrypted USB thumb drives were lost. OCR found that MD Anderson had written encryption policies that dated back to 2006. Internal risk analysis also found a lack of encryption of hospital devices to be a security risk. MD Anderson was fined for each day of HIPAA noncompliance and each exposed record because of the provider’s “willful neglect.” The judge ultimately ruled that MD Anderson “failed to adopt an effective mechanism” to protect their patients’ data.
Heart Attack-Causing Drug Stolen from Alabama Hospital
Staff at a Gadsen hospital reported medication stolen from a crash cart after locks had been broken. Five kinds of medication were taken, including amiodarone, which is known possibly to cause cardiac arrest if misused. Staff suspects a recently-discharged patient who’d been observed around the carts before the theft.
Effingham Health System Agrees to Pay Nation’s Largest Drug Diversion Settlement
Effingham Health System will be paying a $4.1 million settlement behind allegations that it failed to properly guard against the loss and theft of controlled substances. The U.S. Attorney’s Office says that the health system’s inaction let to “a significant diversion of opioids” and they additionally failed to report the diversion. Across a period of more than four years, tens of thousands of oxycodone tablets were left unaccounted for. The hospital has begun overhauling its pharmacy operations to improve their systems and implement best practices.
OCR Newsletter Highlights Importance of Locks in Protecting PHI
OCR’s most recent newsletter paid rare but particular attention toHIPAA’s physical safeguard requirements. Along with privacy screens, the newsletter highlights the use of locks to deter theft and restrict access. The newsletter was also clear in pointing out the fact workstations also including any computing device, such as laptops or any device that contains electronic media (e.g., portable electronic devices like tablets, smartphones.) The newsletter also suggests that organizations ask themselves whether public devices should be relocated, and what additional physical security controls could be put in place.
Want to step up your medication storage practices? Senseon’s biometric and physical security offerings can be an integral part of any proactive facility’s security and drug safety initiatives.
