Miami Health System Fined $2.15 Million for HIPAA Violation; Opioid Crisis Costs Tops $2.5 Trillion
Stay on top of physical data breaches and drug diversion risks that threaten your healthcare organization with Senseon’s Physical Security Breach Roundup. We bring you the most recent physical data breach and drug diversion announcements each month. If you want to learn more about what you can do to minimize the risk of your facility ending up on this list, we can help.
Physical Data Breach News
Jackson Health System is staring down a $2.15 million bill from HHS for violations that occurred between 2013 and 2016. The Office of Civil Rights found that the health system hadn’t provided accurate breach notification. It also failed to conduct enterprise-wide risk analyses, manage identified risks at an appropriate level, review information system activity records, and restrict authorization to patient information.
The investigation began after a media report disclosed the PHI of a Jackson Health patient — a report shared a photograph of an OR screen that showed patient medical information on a social media platform. The health system then determined that employees had illegally gained access to the patient’s EHR.
A survey of more than 200 cybersecurity and tech leaders found that about 2 out of every 5 IT execs feel their organizations aren’t equipped to handle a data breach. The survey covered the importance of training and education and also revealed that companies are planning to increase investments in 2020 by about 36%.
At the beginning of October, Becker’s Hospital Review hosted a webinar that covered data breaches, including how to ensure the safety of patient records and the consequences organizations face if a breach does occur.
Becker’s pointed out key stats including:
- The average cost of a healthcare breach is $6.5 million, 60% higher than the cross-industry average.
- 90% of hospitals reported a breach in 2017 and 2018.
- S. healthcare reported a high of 365 breaches in 2018.
Human error continues to be a significant factor in data breaches and these 10 examples of patient record exposure are proof.
The list includes a New York City medical office that dumped records in the trash, a laptop that was stolen from a Texas-based medical center, a lost flash drive that disappeared from a Reno provider, as well as other mailing errors and instances of employee theft.
Drug Diversion News
Kasey Leigh Travis, an Indiana RN, has been charged with 6 counts of obtaining a controlled substance by fraud or deceit, furnishing false or fraudulent information and theft, and failure to make keep or furnish records. The charges come after Travis was flagged by the St. Joseph Regional Medical Center Pyxis system as someone with a higher than average number of controlled substance removals.
After a urine test, Travis, who claimed she removed the drugs to assist other nurses during a busy time at the hospital, submitted to a urine test which tested positive for cocaine. According to investigators, Travis stole drugs including oxycodone, hydromorphone, fentanyl, and morphine among other drugs, with a total value of $5,352.42.
The White House has reported that the full cost of the opioid crisis — in terms of lives lost, increases in healthcare and substance abuse treatment costs, criminal justice costs, and reductions in productivity — adds up to more than $2.5 trillion between 2015 and 2018, a total that translates to 3.4% of GDP.
Those numbers are more than 3x higher than the results of a recent Society of Actuaries study, because of the inclusion of the “value of a statistical life”. The Council of Economic Advisers (CEA) believes that almost 30,000 lives were saved between 2017 and 2019, an improvement over some projections.
Want to catch up on what hospital leaders need to know about the opioid crisis and what it means for your bottom line? We have you covered.