Health Information Exchange Featured Article
Univ. of Virginia Medical Center Says Patient Information May Have Been Breached
While the concept of electronic health records (EHR), or universally accessible medical information that allows healthcare professionals to treat and diagnose patients in a more virtual way, is a great idea and expected to revolutionize healthcare and save money, the technology has a rather large Achilles’ heel: security.
This was emphasized today when the University of Virginia Medical Center began warning patients that an electronic device containing their medical and personal information went missing, potentially compromising hundreds or even thousands of patients.
The Associated Press is reporting today that the hospital began notifying patients on Friday about the potential security breach and it has opened a temporary call center to serve patients who might have questions regarding the ramifications of the security breach. That call center was due to open today (Monday, December 3rd).
The handheld device that was lost, leading to the potential breach of confidential information, was used by on-call pharmacists at the Medical Center’s Continuum Home Infusion. The device supposedly went missing around October 5 of this year.
Affected patients received services from Continuum Home Infusion during September. Potential patients, who were referred to Continuum Home Infusion from August 2007 through September, could also be affected.
Hospital officials said in a statement that the device might have contained patients' names, addresses, diagnoses and medications, along with some Social Security numbers and health insurance identification numbers. Officials said there is no evidence that the information on the device has been accessed and used improperly.
The health center is required to notify officials and affected patients under the terms of the federal Health Insurance Portability and Accountability Act of 1996 (HIPAA), which governs patient privacy.
Edited by Brooke Neuman