'Inappropriate staff workarounds' at California VA center put patient data at risk

The Veteran Affairs Office of Inspector General found various issues at Tibor Rubin VA Medical Center in Long Beach, Calif., in terms of policies on patient information privacy.

Investigators found:

  • A lack of software interface between Veterans Health Administration medical devices and EHR as well as inappropriate staff workarounds.
  • A lack of biomedical engineering and IT assistance in resolving software interface issues between VHA medical devices and the EHR.
  • Unapproved communication modes used by facility staff that risk disclosure of sensitive personal information.

Additionally, the OIG found that Tibor Rubin VA Medical Center had two additional issues involving a possible breach of patients' sensitive personal information. The VA center was also found to be using logbooks, which the VHA policy prohibits.

Officials gave Tibor Rubin VA Medical Center six recommendations related to communication and education, disclosure of protected patient information, VHA policy review and compliance with the use of logbooks.

To read the complete report, click here.

More articles on cybersecurity:
19 healthcare privacy incidents in July
Paper records most common source for data breaches in hospitals, study finds
How this Arizona hospital's 4-person IT team responded to a ransomware attack

© Copyright ASC COMMUNICATIONS 2019. Interested in LINKING to or REPRINTING this content? View our policies by clicking here.

 

Top 40 Articles from the Past 6 Months