Tornado Jeopardizes PHI and COVID Worsens Opioid Epidemic
Take control of the physical data breach and drug diversion risks that threaten your healthcare organization with Senseon’s Physical Security Breach Roundup.
We bring you the most recent physical data breach and drug diversion announcements each month. If you want to learn more about what you can do to minimize the risk of your facility ending up on this list, we can help.
Physical Security News
The information of almost 2,000 heart patients has been jeopardized after the February theft of portable storage devices from Houston Methodist Hospital.
In response, the hospital has sent out notification letters informing patients that external hard drives had been removed from the facility and stolen from a vendor’s car. The devices contained procedural images, names, dates of birth, and other sensitive information.
The FTC has opened up comments on the Health Breach Notification Rule. The rule, which went into effect in 2009, requires non-HIPAA covered EHR companies to notify customers and the FTC when a data breach occurs. It also stipulates that EHR vendors and service providers must notify affected individuals within 60 days after a breach has been discovered. If more than 500 individuals are impacted, the FTC must be made aware within 10 business days.
The FTC is requesting comments on whether the rule should be kept, changed, or eliminated, as well as input on timing requirements, enforcement, and whether the rule should address violations related to COVID-19.
Recent weather issues have resulted in the breach of patient records.
Poplar Bluff Regional Medical Center is notifying patients of the potential inappropriate disclosure of their information due to a tornado. A building in Lebanon, TN was struck on March 3, jeopardizing documents that were scheduled for scanning into the hospital’s EMR and then for destruction.
Potentially breached information includes social security numbers, addresses, dates of birth, medical record and account numbers, images, test results, medication, and other information typically found in patient records. Since most of the records are still in the remaining parts of the building, a tall fence has been built and 24/7 security guards have been posted as protection.
Banner Health is on the hook for almost $9 million after a 2016 data breach, which affected 2.9 million patients. The settlement, which provides $500 per patient, is yet another in a string of settlements holding hospitals financially responsible for how they’re handling the security of their patients’ information.
Drug Diversion News
Omnicare will pay a $15.3 million civil penalty after allegations that it violated federal law when it allowed controlled substances, including opioids, to be dispensed without the proper prescription.
Omnicare’s “closed door” pharmacies are not open to the public and instead deliver substances to nursing homes and other long-term care facilities. It additionally maintains “emergency kits” that often contain opioids, requiring close control and tracking.
The DEA found that Omnicare “failed in its responsibility to ensure proper controls of medications used to treat some of the most vulnerable.”
A Pennsylvania woman has been accused of stealing over half a million dollars worth of a drug used in opioid addiction treatment. Rena Lynne Schleehauf has been changed with delivery and possession of a controlled substance, theft, and theft by deception. Schleehauf admitted to the theft of 66,180 units of Suboxone from Johnson’s Pharmaceutical Services where she worked as a lead pharmacy fill technician.
The coronavirus could be disrupting efforts to control the country’s opioid epidemic.
Stress, isolation, and the closure of critical public health programs are potentially driving relapses. At the same time, the country’s illicit drug supply has dried up, in part because of border restrictions — a factor that professionals are concerned could drive dealers to increase potency to meet demands.
Coroners, law enforcement, and emergency responders across the country have reported spikes in deaths and overdose calls, with many suspecting that they’re connected to COVID-19. While it’s still early to determine whether the increases are related to a broader trend, coroners and medical examiners are lacking the resources needed to follow up on overdose deaths because of the strain created by cases of COVID-19.
Learn more about how to mitigate hospital security risks.