Examples of Breaches of Unsecured Protected Health Information

How do I know if I created a breach of ePHI? I am asked this question quite a bit and it’s really hard to answer. A lot of healthcare employees are afraid of what they don’t know. “What if I do something, and I didn’t know it was a HIPAA violation?” That is a very good question. The best way to answer that is in one word. Education. You want to educate your staff, and you want to make sure that what they don’t know doesn’t hurt the practice. Below is a few examples of breaches of unsecured protected health information.

  • Workforce members access the electronic health records of a celebrity who is treated within the facility.
  • Stolen lost laptop containing unsecured protected health information.
  • Papers containing protected health information found scattered along roadside after improper storage in truck by business associate responsible for disposal (shredding).
  • Misdirected e-mail of listing of drug seeking patients to an external group list.
  • Lost flash drive containing database of patients participating in a clinical study.
  • EOB (Explanation of Benefits) sent to wrong guarantor.
  • Provider accessing the health record of divorced spouse for information to be used in a custody hearing.
  • Workforce members accessing electronic health records for information on friends or family members out of curiosity/without a business-related purpose.
  • EMT takes a cell phone picture of patient following a MVA and transmits photo to friends.
  • Misfiled patient information in another patient’s medical records which is brought to the organization’s attention by the patient.
  • Medical record copies in response to a payers request lost in mailing process and never received.
  • Misdirected fax of patient records to a local grocery store instead of the requesting provider’s fax.
  • Briefcase containing patient medical record documents stolen from car.
  • PDA with patient-identifying wound photos lost.
  • Intentional and non-work related access by staff member of neighbor’s information.
  • Medical record documents left in public access cafeteria.

It is always good to review examples of breaches of unsecured protected health information. Some of it is easy to do inadvertently. You want to make sure you staff is educated.