Last week on our HiTech Terms series we defined IoT. IoT is an abbreviation for the internet of things. IoT includes countless devices that connect to the internet to get and share information.
Click here to access HiTech Terms: ‘What does IoT stand for?’ to discover examples of the IoT devices visit: http://gettinslaw.com/hipaa/2015/03/27/hitech-terms-what-does-iot-stand-for/
In our HiTech Terms post we discussed the risks associated with IoT devices. Hence, here is a recent case. The case involves Valley Community Healthcare out of North Hollywood, California and a laptop connected to the EKG machine. On February 24, 2015, it was discovered that a laptop connected to EKG was missing from Valley Community Healthcare office. Patients were notified March 9th. A notice was posted on the Valley Community website: https://oag.ca.gov/system/files/Valley%20Community%20Breach%20Letter%2003-2015%20SRR%20Revised_0.pdf. The laptop was used to enter names and dates of birth of patients pursuant to conducting an EKG. The laptop was password protected, but not encrypted. The theft of the laptop was reported to the local police.
This is not the only case of devices being stolen from office premises. Click here to see our post about 8 Stolen Computers Leads to HIPAA Breach or visit: http://gettinslaw.com/hipaa/2014/05/15/8-stolen-computers-leads-to-hipaa-breach/
What should health plans, health care providers and Business Associates do? Here are 2 watch-outs.
- When exploring privacy risks it is important to consider all devices, not just the primary user workstations. Most devices are smart these days. They connect to the internet, the cloud, and/or office computer networks systems. They are used to share, store, input, and access information.
- Also, don’t forget about office security. We don’t think about it, but thieves can be the visitors that come to our offices. A would be theft could be a patient or a co-worker.