in HIPAA Headlines by John Brewer

On Friday (the second best day to report bad news), American Airlines announced that a hard drive had been stolen from its Fort Worth headquarters building.

This hard drive held the following data on current and former employees:

  • Names
  • Addresses
  • Dates of birth
  • Social Security numbers
  • Some bank information

Oh, and “No customer data was affected”…whew!  I’m sure the employees are grateful.

Things we don’t know:

  • Was this a portable hard drive?
  • Was this on a computer that was being “thrown out”?
  • Was this an actual break-in theft?
  • What policies were broken regarding storage of this hard drive?

So, why discuss this non-medical event?

It is another solid example of how you can’t overlook anything.

You need to have policies in place:

  • Physical security
    • Is your server room locked?
    • Are patients able to wander from the waiting room to the back without escort?
  • Encryption?
    • Is PHI stored on portable devices?
    • Should your entire server be encrypted?
  • Reaction Checklists
    • Once a suspected (or actual) data release occurs, what do you do next?

You need to have your act together ahead of time so something like this does not consume every moment of your day and prevent you from generating income.
