Learn simple security protocols to protect patient data.This article is an excerpt from our ebook, 5 Most Bizarre HIPAA Breaches. Download your free copy of the complete ebook.
Here’s one breach that reminds us of the importance of BAAs and a company’s need to perform due diligence before making a partnership.
The James Bond breachIn the 1977 box office hit The Spy Who Loved Me, James Bond uses a miniature microfiche reader to intercept the villain’s secret plans for a submarine tracking system. Our first breach may not be quite this exciting, but it does share Bond-era microfiche technology.
Microfiche is a storage media where documents are shrunk to about 1/25 size and copied onto photographic film. A 105x148mm microfiche card typically contains micro reproductions so small that special devices are required to read the data.
On May 13, 2013, Dallas police were notified when a local resident discovered microfiche containing sensitive patient information in a public park. Upon further investigation, police discovered three additional microfiche in two other Dallas-area public parks.
These microfiche, which contained social security numbers and medical data of 277,014 Texas Health Fort Worth Hospital patients from the ‘80s and ‘90s, had been delivered to a document shredding company for secure disposal. How these microfiche ended up in multiple public parks across Dallas remains a mystery.
Regardless of who is at fault, the covered entity at minimum shares accountability for the breach. Choose your vendors wisely and make sure you have a Business Associate Agreement (BAA) in place.
SEE ALSO: You Can't Hide Behind a Business Associate Agreement
This article is an excerpt from our ebook, 5 Most Bizarre HIPAA Breaches. Access the complete ebook here.