According to the Health Insurance Portability and Accountability Act (HIPAA), information lost in the recent Community Healthcare System hack is protected by law, and patients could sue for hospital negligence.
According to HIPAA, any organization that moves any sort of data that has to do with business processes, workflows, and infrastructure to the cloud, is required to comply. Policies for managing access to appliances, devices, and databases, as well as permission control to access and modify that data must be adhered to as well. It is commonly assumed that storing and sharing data in the cloud puts it at a higher risk of being breached, which makes it important to not store or share unencrypted data.
Even though Community Healthcare System took the necessary steps to securing their databases, the length of time between reporting the security breach and responding to it was enough for the hackers to get in, steal the information, and get out before the company could prevent serious damage.
Since 2009, 21 million health records have been compromised due to major security breaches, a majority of them involving loss or theft of electronic equipment or storage media containing unencrypted data. The most recent being the laptop theft of a Cedars Sinai employee containing personal health information for over 500 hospital patients. The data had been unencrypted due to negligent action on the hospital employee’s part. Company policy required hospital employees to reinstall and update security programs, which the employee had neglected to do after switching operation systems.
4.5 million patients with 206 hospitals in 28 states have been affected from the recent Community Healthcare System security breach. Three of those hospitals, Barstow Community Hospital, Fallbrook Hospital, and Watsonville Community Hospital are in California. The breach puts anyone who received treatment from a network owned hospital within the past five years at high risk for identity fraud, considering the hackers gained access to names, social security numbers, physical addresses, and telephone numbers. The hospital system has announced that it will be notifying all patients affected via mail, and will be offering free identity fraud protection as well, yet it doesn’t change the fact that all affected patients are eligible to sue for damages from hospital negligence under HIPAA.
If you have suffered damages due to identity theft from the CHS hack, Hodes Milman Liebeck can provide you with the assistance you need during this difficult time. Contact us today online at hmlm.com or call (949) 640-8222 for a complimentary case evaluation.