This breach outlines the dire consequences that can result when critical and extremely private personal data can be accessed by the wrong people. In this case, employees who had open access to not only confidential patient data, but also billing information, were able to steal account info and rob elderly and vulnerable victims.
The hospital contends that this was the result of a crime and not due to hospital procedures and this may be the case. But health care organizations are going to have to change policies quick to restrict access to this type of information, or these type of stories will only increase with dire results for patients and the hospital alike.
I contend that organizations should perform a review of their current identity management and protection policies to see how easy and how many employees could potentially compromise data, such as happened here at the University of Maryland Medical Center. I believe that an identity management solution that is well planned and implemented can allow health care organizations to restrict and monitor access to critical systems containing confidential information. In my own consulting work, I have heard from many security officers admissions of improper access; that too many people can easily access patient data. An organization without an identity management policy is giving a huge advantage to these criminals.
The story below is from the Baltimore Sun, July 14. http://www.baltimoresun.com/health/bs-md-identity-theft-20110714,0,3173292.story
For information on Tools4ever identity management solutions and how they can benefit any health care organization, please click here.