Franklin, Tenn.-based Community Health Systems made headlines last week after a foreign cyberattack compromised the personal and health information of 4.5 million people. However, data breaches are not just the result of external threats — hospital and health system employees have also been known to steal patient information, as using or selling that information can be quite lucrative.
To protect patient data from insider threats, a recent IntelliCentrics blog post outlines four steps to take:
1. Be on the lookout for disgruntled employees. All hospital employees, not just managers, should be watching for unhappy coworkers who might be tempted to steal data. Organizations should also work on proactively engaging employees to keep morale up and reduce the risk of internal data theft.
2. Ensure each employee only has access to the data he/she needs to perform a job or task. Hospital IT departments need to make sure employees can only access the minimum amount of data they need to complete a task or perform their job functions, and that when data is no longer needed, employees' access is revoked.
3. Raise awareness of the dangers of medical identity theft. Addressing patient data theft as a clinical quality issue may help spur employees to become more engaged in preventing such theft.
4. Implement a credentialing process. Screening and verifying everyone that comes into contact with patient data can help reduce the risk of theft.
More articles on data breaches:
Physician's home burglary compromises St. Elizabeth patient information
Cedars-Sinai reports potential data breach due to stolen laptop
FBI: Hackers are targeting healthcare organizations