Forgot password?
Login / Register
Last month, we learned that at least eight U.S. Department of Veterans Affairs facilities were found in recent months to be violating the department's prohibition against using online tools like Google Docs to share private health information among facilities. In fact, the latest VA incident report underscored the department's shortcomings in safeguarding the personal information of 878 patients. Now, Danville, Pa.-based Geisinger Health System has acknowledged that some protected health information (PHI) of roughly 2,928 patients was recently disclosed in an unauthorized manner.
According to a statement released by Geisinger, around Nov. 3, a limited amount of PHI was emailed by a former Geisinger Wyoming Valley Medical Center gastroenterologist from his Geisinger computer to his home email account in an unencrypted manner. Geisinger said it became aware of the action on Nov. 6.
As CMIO reports: "Unencrypted information included patient names, medical record numbers, procedures, indications and the physician’s brief impressions regarding the care provided…It did not include addresses, telephone numbers, Social Security numbers, patient account information 'or any financial information that could make affected patients vulnerable to financial identity theft.'"
Patients, of course, were notified of the exposure per the requirements set forth in the HITECH Act. While it's encouraging that, this time, there was no personal financial info leaked, this incident--as well as the VA debacle--provide another timely reminder of the work remaining to be done on the patient data security front.
More information about formatting options
