The Guam Memorial Hospital Authority has announced a breach of patient data. In light of this information security breach, the GMHA will be implementing policy changes that include the use of data encryption software.
The laptop was stolen in late October from hospital premises. A computer file stored on the device contained information on approximately 2,000 people--including employees, volunteers, contractors, and physicians. Thankfully, the information was relegated to names, dates of physical examinations, vaccinations, and TB and Hep B statuses. No other information was present, including SSNs, dates of birth, addresses, or financial information.
The laptop was stolen in late October from hospital premises. A computer file stored on the device contained information on approximately 2,000 people--including employees, volunteers, contractors, and physicians.
Thankfully, the information was relegated to names, dates of physical examinations, vaccinations, and TB and Hep B statuses. No other information was present, including SSNs, dates of birth, addresses, or financial information.
At first, I thought so. After all, it's all patient data but there are no patients here. All of the people are related to the hospital in one way or another, with essentially all 2,000 working at or for the hospital. Sure, employees are patients, too, if they fall sick. However, this is not such a list. Why is the hospital keeping track of vaccinations for personnel? Because it's a hospital, that's why. When you're working in an environment where people come to you with their diseases, it only makes sense that people working there are protected. Vaccinations must be de rigeur if you're a doctor or nurse. (Remember how medical personnel were the first to be vaccinated against the H1N1 flu?) What threw me off initially was the inclusion of contractors: generally, when one mentions contractors, I either think of IT guys or construction workers, so I was wondering why the hospital was vaccinating people who weren't coming in contact with the sick.
At first, I thought so. After all, it's all patient data but there are no patients here. All of the people are related to the hospital in one way or another, with essentially all 2,000 working at or for the hospital. Sure, employees are patients, too, if they fall sick. However, this is not such a list. Why is the hospital keeping track of vaccinations for personnel?
Because it's a hospital, that's why. When you're working in an environment where people come to you with their diseases, it only makes sense that people working there are protected. Vaccinations must be de rigeur if you're a doctor or nurse. (Remember how medical personnel were the first to be vaccinated against the H1N1 flu?)
What threw me off initially was the inclusion of contractors: generally, when one mentions contractors, I either think of IT guys or construction workers, so I was wondering why the hospital was vaccinating people who weren't coming in contact with the sick.
Per the law, yes it is. Personally, though, I probably wouldn't care that someone other than doctors and nurses has a copy of my Hep B status. On the other hand, if other ailments had been included, I might be singing a different tune (yours truly is very healthy, by the way). I feel, however, that the breach is significant in the sense that it has pointed out holes in the hospital's security. This particular breach could have been disastrous. The only reason why it's been limited to what it was can be attributed to luck: they were lucky the laptop didn't contain more sensitive files. The incident allows the hospital to engage in better security practices--such as the use of encryption software like AlertBoot on files and data redaction from computers--which will help prevent future breaches.
Per the law, yes it is. Personally, though, I probably wouldn't care that someone other than doctors and nurses has a copy of my Hep B status. On the other hand, if other ailments had been included, I might be singing a different tune (yours truly is very healthy, by the way).
I feel, however, that the breach is significant in the sense that it has pointed out holes in the hospital's security. This particular breach could have been disastrous. The only reason why it's been limited to what it was can be attributed to luck: they were lucky the laptop didn't contain more sensitive files.
The incident allows the hospital to engage in better security practices--such as the use of encryption software like AlertBoot on files and data redaction from computers--which will help prevent future breaches.
Related Articles and Sites:http://www.pacificnewscenter.com/index.php?option=com_content&view=article&id=1623:gmh-issues-notice-of-breach-of-unsecured-health-information&catid=45:guam-news&Itemid=156