Friday, August 16, 2013

How One Contractor's Forgetfulness Affected People in 48 States

Patients in 48 states are vulnerable, not to disease, but to their information getting into the wrong hands. An article in The Tennessean newspaper reported that a medical transcription contractor left a firewall down between May 5 and June 24. 

That's a long time for this to go undiscovered. M2ComSys of India was hired by Cogent Healthcare to transcribe the notes dictated by physicians. As part of the contract, it was supposed to store the patient information, which was supposedly protected, on a secure website, but the firewall was down. Who is responsible? It's not just the contractor, in my opinion, but Cogent is also at fault. This HIPAA breach is the second one for Cogent, and it's not something to be pooh-poohed. The data includes patients' names, birth dates, medical record numbers, medical history, diagnosis and treatment. Usually, medical records at practices include patients' addresses and Social Security numbers, as well, completing the information that hackers need to steal people's identities.

There was a case study done by HealthCareInfoSecurity, which outlined efforts of CaroMont Health of North Carolina to track down all its contracts. That could be a few or it could be a lot of people. But here's the scary thing: experts in the security field say that there is an increase in the number of health data breaches that are not accidental. Moreover, hospitals and practices don't take action until after a breach occurs.

Many contractors are required to take out Errors and Omissions insurance in case something happens on their tour of duty at a company that hires them as contract workers. But when it comes to identity theft, the error can't be remedied by an insurance payment. Identity theft is the only crime in which the victim has to prove that he or she did not commit the crime, e.g., buying thousands of dollars' worth of jewelry or electronics on a credit card.

A poll by the Ponemon Institute reported that 94 percent of 80 participating health care organizations had at least one security breach in the past two years. Those breaches cost them a total of $6.78 billion annually. Collectively, those organizations could have paid for new firewalls, new penetration testing, oh, and enough staff, and still have a lot of money left over -- and no egg on their faces.