A healthcare provider in Virginia recently lost track of more than 15 years’ worth of backup disks when they went missing from a secure facility, but the fallout may be minimal thanks to a lucky break: the technology involved is outdated.
Emory Healthcare informed 315,000 of its former surgical patients that their data had gone missing from its storage center in February. The information on the disks covered the entire period of September 1990 through April 2007. The records were those of patients who had visited the Emory Hospital, Emory Hospital Midtown, and Emory Clinic Surgical Center locations at any time during the 17-year period.
There’s no word as to whether the files on the 10 missing backup disks were lost, stolen, or accidentally destroyed, but Emory officials said even though they were certain the disks had been removed from the facility, the files weren’t readable by standard computers anyway. In fact, the hospital itself no longer has ready access to the technology needed to view the files on the missing disks even if they’re recovered.
This incident highlights the need for diversified data management. While creating an online backup for this kind of data may not be at the top of every IT manager’s list, such redundant failsafes could have prevented the hospital from facing the compliance nightmare it may now have to endure. Even a secondary backup hard drive would have prevented potentially irreversible loss of sensitive patient information.
Many hospitals currently utilize some sort of digital technology for creating and storing information. Patient records are usually transcribed to a PC or entered directly at a computer terminal, and doctors and nurses often request summaries to avoid reading long transcripts, so the overall volume of data hospitals need to manage is continually growing. What’s more, hospitals need to maintain records on discharged or deceased patients, so there is no time frame for discarding data. Despite such large quantities of information, medical filings need careful data backup solutions to maintain security, confidentiality, and compliance.
There’s no word yet on whether Emory will face repercussions for violating HIPAA laws, but it’s clear that the hospital exhibited a major compliance failure through this privacy breach. Under federal law, patient data must be accurate, accessible, and completely secure, whether it is stored in the cloud or through a server backup solution.