Privacy Breach Involving Connecticut Hospital Shows Need for Electronic Health Records

A recent privacy breach involving a Connecticut hospital shows why organizations need to keep electronic health records, as well as the risks associated with paper copies of records.

Hartford’s Saint Francis Hospital announced last week that printed records, which carried medical information of 858 patients, were stolen late in December.

The paper records were stolen from a car belonging to a physician who works in the hospital’s emergency department – as an independent contractor. The vehicle was in New Haven at the time of the theft.

The stolen documents included names, dates of birth and medical record numbers of patients treated at the hospital. However, the documents did not include social security numbers, financial information or addresses.

As a result of the document theft, the hospital put into place some additional safeguards and offered credit monitoring to the patients. Also, disciplinary action was taken because taking such documents out of the hospital complex is a violation of internal policy, according to WVIT TV. The doctor was identified in news reports as Bindu Vanapalli.

"Our goal has always been to help ensure adequate safeguards are in place to protect our patients' confidentiality," Dr. John Rodis, chief operating officer at Saint Francis, said in a statement carried by The Hartford Courant. "Education of our staff has already been completed and we are evaluating other opportunities to strengthen our compliance program."

The incident reinforces the need for electronic health records (EHRs). Among the many reasons EHRs benefit patients and caregivers are improving privacy and security of patient data, according to a U.S. government document. EHRs also provide more coordination of health care services, improved patient safety, and lower waste and less risk for redundant tests. That means there is better diagnosis of patients and fewer errors.

Last year, a study in Health Services Research reported variation in the adoption of EHRs by U.S. ambulatory healthcare sites. The EHR adoption rate for ambulatory care sites ranged from 27 percent in New Jersey to 65 percent in Minnesota. In fact, many healthcare providers have yet to implement digital records, according to the Center for Advancing Health. More on keeping data safe through digital means such as the cloud can be discovered at the “Locking Down the Enterprise: Keeping Sensitive Data Safe in the Cloud and On-premises” conference during the ITEXPO, taking place this week in Miami, Florida.