Preventable Breach at Major University Hospital

Veriphyr proactively reports impermissible use of PHI the first time it happens.


Recent Breaches

In 2017, the Medical University of South Carolina (MUSC) found 58 cases of patient privacy breaches. As a result, MUSC is prepared to be added to the list of the one hundred hospitals being audited by the Department of Health and Human Services (HHS) for HIPAA violations. Such an audit could mean fines and ongoing monitoring by HHS.

The university found thirteen employees to be responsible and fired them for impermissible use of patient records.

“The punitive actions taken at MUSC shed light on human resources decisions made by leaders at the state’s top academic medical center, and more broadly, the security of confidential health care information in the digital age”

– Mary Katherine Wildeman and Lauren Sausser, Post and Courrier.


Current Preventions

Electronic Protected Health Information (ePHI) are better protected than those on paper, because access can be tracked, reported, and limited to those who hold certain positions. The university has taken proactive measures to protect and monitor use of this information.

Eleven of the fifty-eight cases were high profile patient record snooping. In response, MUSC hired employees to monitor the media for “potential privacy breaches”. Meaning, if a patient is particularly interesting due to publicity, the hospital will monitor access to their records more carefully.

MUSC’s efforts to prevent future breaches have also included annual employee trainings and open forums. However, the hospital has still had to take punitive actions against 30 employees who violated the patients’ and the hospital’s trust.


Further Preventions

Steve Katz, a Veriphyr advisor, writes about more that can be done to accurately identify impermissible use of patient data and prevent future breaches.

Veriphyr can help MUSC to protect its patients, and itself, from from further HIPAA violations.


SourcePost and Courrier Feb 25, 2018