After all of the recent issues with Ransomware and other cyber-attacks in the healthcare field, paying attention to the details can be overlooked at your peril. In my home state of Alabama, a laptop was stolen from a vendor to CVS Health. This laptop, for some unexplained reason, had Protected Health Information (PHI) on it. Of course, it was not encrypted, as per CVS network policy, so somebody had a field day with people who used a certain Pharmacy in Shelby County (Birmingham South Suburban). Their so-called private information was not, and now the company has to inform those on it, and presumably make amends for this.The laptop contained information about customers who have had prescriptions filled at the CVS store at 8370 Highway 31 in Calera, the company announced Monday. The laptop was stolen from the vendor and reported to the Indianapolis police department (Kelly Poe, 2016, para. 2).Interesting tidbit here is that it was reported to a police department over 500 miles away from the “scene” of the crime. A later version of the story said it happened at the unnamed vendor’s locale, which is not the CVS in question.
- This has HIPAA written all over it.
- Ignorance is not bliss.
- Compliance is not limited by company size.
Kelly Poe. (2016, April 18). Alabama CVS’ patient information at risk after laptop stolen. AL.com. Shelby County AL. Retrieved from http://www.al.com/business/index.ssf/2016/04/patient_information_at_risk_af.html