Massive PHI Breach at Children’s Medical Clinics of East Texas
An employee of the Children’s Medical Clinics with a retaliatory agenda to cause damage to the clinic’s reputation, stole and improperly disclosed the confidential data of 16,000 patients. Notification letters were sent to affected people to inform them that an employee took paper records from the facility and sent screenshots of electronic patient records to a former clinic employee. The Office for Civil Rights (OCR) health data breach portal indicates patient names, dates of birth, diagnostic information and treatment information were disclosed.
Challenge
Your employees access sensitive and confidential patient information daily so they can do their jobs. Without persistent data-centric security, they can devise creative ways to defeat traditional perimeter based security measures. They can change the name of a sensitive file before printing it to avoid detection by security systems or make screen captures of sensitive information. If you are in healthcare, you need to protect printed PHI and other sensitive information from easily leaving your premises. This is a HIPAA violation and can result in massive fines and legal action.
Fasoo Solution |
Advantages |
|
Fasoo can block printing or require approval prior to printing a document if the document contains sensitive information. Each printout can be forced to contain a visible watermark showing who printed it, including company logo, user name, IP address, time, date and other identifying information. This allows you to know the source of a potential data breach and deters people from inappropriate behavior when handling sensitive patient information. This solution works with any physical or virtual printer eliminating problems of using different printers or printer drivers. A full audit trail of all print activities, including the text or image of the actual printed content, ensures complete control of your printing environment. In addition, Fasoo can prevent screen captures. These features reduce risk of exposing patient information. |
|