Cottage Health System, based in California, notified over 32,000 patients that their personal information may have been accessible on Google.
A third-party IT vendor for the Health System inadvertently removed security protections from a file containing personal health information on its server. The file was accessible through Google for approximately two months before the error was discovered. The Health System was not aware of the security issue.
The accessible information included name, date of birth, medical diagnosis, lab results, and addresses. No Social Security numbers or payment information were exposed.
The Health System's letter to its patients observed that the Health System took steps to prevent a similar event from happening again, including reviewing relationships with third parties and increasing security checks.
One Facet of BAS Security Practices to Manage System Changes
At BAS, we strive to protect against incidents such as the one described above through the use of system change management controls. In fact, BAS has incorporated Tripwire® change management solutions that are designed, in accordance with the Health Insurance Portability and Accountability Act (HIPAA), to protect the confidentiality and integrity of electronic personal health information (ePHI) and personally identifiable information of BAS clients. Being HIPAA IT compliant means virtual and physical configurations, from networks and servers to virtual machines and security infrastructure, must be maintained and assessed against HIPAA policies, and proven in the event of an audit.
The Tripwire solution for BAS' HIPAA IT Compliance incorporates best practices for high integrity systems management and enhances BAS' data security of electronic personal health information.
BAS' Tripwire solution delivers a comprehensive solution by:
BAS takes great steps to maintain its security compliance to protect clients' sensitive data from unauthorized access or disclosure.