in HIPAA Headlines by John Brewer

Those two words should bring a cold sweat to most medical practices….unless you are setup correctly.

St. Francis Hospital in Wilmington, Del. is sweating today as they had to notify almost 500 patients that a thumbdrive was lost.

This thumbdrive was actually lost in the spring, but nobody realized it – careless.

This thumbdrive had PHI on it.

This thumbdrive was not password protected – though this would matter.

This thumbdrive was not encrypted – this is the real issue.

Without a policy in place for staff members to follow you have nothing.

Without a policy for staff members to follow, you will have a difficult time disciplining them.

Without a policy in place for encrypting portable devices you are playing with fire and asking for trouble.

But what should I do??

You should:

  • Have a policy in place for encrypting portable storage devices
  • Train your staff so they understand what data needs to be encrypted
  • Have a tracking mechanism to ensure when someone puts PHI on a portable device, you know where it is.

It is complete and utter carelessness for your patients and your business and your staff to not have a policy, that is enforced and trained, so your staff fully understand what it is they are required to do when it comes to PHI on a portable storage device.

About John Brewer

This author hasn't yet written their biography.
Still we are proud John Brewer contributed 177 great entries.

0 thoughts on “Lost Thumbdrive

Want to join the discussion?
Feel free to contribute!

Leave a Reply

Your email address will not be published. Required fields are marked *