HIPAA and the AHMC


In today’s Sacramento Bee:

“A Southern California hospital chain is urging patients to check their credit reports after thieves stole two laptop computers containing Social Security numbers and other information on more than 700,000 patients.

The laptops contained names, insurance and Medicare ID numbers and other information on patients of six AHMC hospitals in Alhambra, Anaheim, Monterey Park, San Gabriel, South El Monte and Whittier.”

So, I have the following questions which need to be answered: Why was this data stored on the laptop, rather than, on a mainframe? Was the information copied to an Excel or other spreadsheet program from the mainframe, and if so, by whom? And, who was responsible for the security of the laptops and the data stored on them?

One of the many responsibilities I had while in banking was that of Security Officer. This meant I was responsible for personal security of our employees, the physical security of our locations, the financial security of our assets and the data security of our customers. If any of these security issues were violated, no matter how insignificant, I was required to explain how the breach could have occurred and what processes would be put in place to prevent, or at least reduce, the possibility of its recurrence.

So, what will the AHMC do to answer for and resolve this terrible breach of security and both personal privacy and HIPPA violations for its patients? Certainly, at a minimum, it should absorb the cost of any financial loss incurred, since patients may suffer theft of bank accounts, credit cards or other monetary loss. In addition, assistance to help them advise the credit reporting agencies that their identification was stolen and attempts of credit fraud may have occurred should be mandated.

And, by the way, why did it take since October 12, when the theft occurred, to advise the affected individuals of this possibly terrible negative impact of their lives? Was there a coverup involved? After all, much damage can be done in one day, let alone ten days, to 729,000 innocent people.

What other form of restitution will be offered? After all, these patients’ lives are in a state of upheaval and it may take months, if not years, to put everything back into some semblance  of order. And who, finally, will be held accountable? Or will it all be swept under the proverbial rug?

These are questions the California Attorney General should be demanding answers to, and short of any reasonable and logical response,  should prosecute the senior people at AHMC for their lack of control and precautions to protect unwitting innocents from the lackadaisical, and quite frankly, illegal actions on the part of AHMC.

The sooner the AG gets this going, the faster these issues can be put to rest, and the faster the job of fixing the people’s lives can be resolved. Let’s get on it.

Enhanced by Zemanta