A HIPAA breach at a Pennsylvania-based hospital serves as another reminder that data on USB devices can be lost or compromised. The breach involved approximately 1,800 patients’ protected health information and occurred after a clinical laboratory technician uploaded the sensitive information onto a USB device. He then accessed the data at home on his personal computer outside of the safeguards of the hospital’s secure network.
The technician also shared patient data through his personal email with two physicians affiliated with the hospital. While he was authorized to access PHI, his actions did not follow protocol; he was not permitted to store patient data on the USB device or view it on his home network.
Benefit Allocation Systems, Inc. recognizes the potential risks of allowing sensitive information to leave its secure systems. Therefore, BAS does not permit information to be uploaded onto USB flash drives. This ensures that protected client data remains in BAS’ secure systems.