Do you have a privacy breach awareness program in place in your healthcare practice? Spotting a privacy breach is the first step to stopping a privacy breach. You Can Use This Privacy Breach Example to Review and Improve Your Practices.
In May 2018 an employee of the NWT was travelling on business in Ottawa.
The employee left the laptop in a locked vehicle. The laptop was stolen. The employee thought that the laptop had been encrypted; however, in the investigation it was determined that the laptop was not encrypted.
Loss of Control of Health Information
The employee had authorized access to the health information to perform statistical analysis for their job. The employee thought that the laptop was encrypted and that it had a secure password.
Later, when the theft was reported to the NWT Health Department and an internal investigation was conducted, it was determined that the laptop had not been encrypted.
There was a large amount of data on the laptop – an estimated 80% of the NWT's population might be affected by the breach.
Apparently, the laptop has not been recovered.
In 2018, the NWT Privacy Commissioner reported the investigation.
In February 2019, the investigation about the incident is still being reported in the media! The NWT Health Department has provided reams of information about the information that was included in the breach.
This breach was entirely preventable.
Keep this story in mind when you are trying to determine the return on investment to purchase a robust privacy and security management plan for your mobile devices and remote access to health information.
You can pay a little more now and ensure that your devices are securely encrypted with secure access and remote-wipe abilities and privacy awareness training . . . or you can pay over and over again for an investigation and bad publicity that never ends!
Privacy Breaches – What You Need to Know
- Preventing a privacy breach from common sources of risk is usually far more cost effective than managing the privacy breach investigation!
- Password protection of your laptop, smart phone, or USB device is NOT the same as encryption. Make sure that your mobile devices are encrypted. If you are not sure, find out from a reputable certified IT technician.
When we know better, we can do better…
I’ve helped hundreds of healthcare practices prevent privacy breach pain like this. If you would like to discuss how I can help your practice, just send me an email. I am here to help you.
Jean L. Eaton, Your Practical Privacy Coach
References and Resources
N.W.T. employee dug through planters, trash to find stolen laptop, weeks after privacy training. Priscilla Hwang · CBC News · Posted: Feb 26, 2019 https://www.cbc.ca/news/canada/north/stolen-laptop-nwt-security-details-ottawa-1.5024775