Do you know all of the ways someone can steal PHI from your practice? We’ve put together a list of 24 ways that people can steal medical data.
As farfetched as it sounds, all of these are prone to security breaches.
To help you along, any of the items marked with an asterisk (*) are risks that have led to HIPAA violations and fines from the Dept. of Health and Human Services.
- A laptop that’s lost or stolen*
- A USB drive that’s lost or stolen*
- A smartphone/tablet is lost or stolen
- Printed records that aren’t properly shredded*
- At a third party vendor*
- An email received by someone other than your patient
- A computer stolen from your practice*
- Paper stolen from a desk of your practice
- A sold or trashed hard drive with PHI on it*
- A fired employee still has access to your systems or office*
- A fired employee steals PHI on their way out the door
- A hacker tricks an employee into installing malware to steal PHI via phishing
- A hacker tricks an employee into installing malware to steal PHI via drive-by malware
- A hacker logs in to your network to steal PHI
- Someone logs into a hosted service that contains PHI (like an email account, calendar system, or hosted EMR system)*
- A hacker breaks into your website to steal PHI
- A disaster leaves your PHI open to being lost or stolen*
- Employees take PHI through a USB drive*
- Employees take PHI through their work email address
- Employees take PHI through their personal email address
- Employees take PHI through a file sharing site (like Dropbox)
- Employees take PHI by printing it out
- Employees take PHI by taking pictures of a screen
- Employees take PHI through instant messaging (like Skype)
Feeling a bit overwhelmed?
Get some free help! Check out our free 42-Point Checklist for ways to make your practice HIPAA compliant.
Talk to us!
Have questions or feedback? Please share them in the comments below.
Like this article? Share it!