Protecting sensitive data is certainly not as simple as we may imagine, and yet another incident of data theft demonstrates this beyond any doubt. In what is reported to be the largest data breach incident since the HIPAA breach notification rule came into effect, the Defense Department’s TRICARE healthcare program, which serves active duty troops and their dependents, military retirees etc., reported the theft of backup tapes of electronic health records.
Nearly 4.9 million patients treated under the TRICARE healthcare program in the San Antonio area’s military treatment facilities since 1992 are said to be affected by this data breach. The Science Applications International Corporation (SAIC), which is one of the business associates of the TRICARE program, reported the breach on the 14th of September. It is said that the backup data tapes were stolen from the car of an SAIC employee who was responsible for transporting them between federal facilities in San Antonio.
While there is no indication of unauthorized persons accessing the stolen data, the local police department, a private investigator, the Defense Criminal Investigative Services, and SAIC are working together to recover the tapes as soon as possible. The stolen tapes are said to contain sensitive information including Social Security numbers, names, addresses, phone numbers and some personal health data of patients, such as clinical notes, lab tests and prescriptions.
Although TRICARE does not have a policy on encryption of backup tapes, efforts were made to encrypt and protect data before the records were backed up on the tapes. However, the operating system in the facility was not capable of encrypting data in a manner that was compliant with federal standards. The facility was therefore seeking a compliant and efficient encryption solution when the tapes were stolen.
While the harm caused by this incident of data theft is said to be low because of the specific knowledge required to access the data on these tapes, both SAIC and TRICARE are reviewing their current policies and procedures for data protection in order to avoid similar incidents in future. This data theft once again brings the importance of an efficient compliance management solution to the forefront.
With increasing dependence on electronic records in healthcare, ensuring the safety of patient health information is crucial. Only a comprehensive and completely automated healthcare compliance solution can offer seamless data protection. And this is what SecureGRC is designed to provide. Besides automated compliance management, SecureGRC is capable of effectively preventing data loss and ensuring complete data protection.