OIG Discovers that HRM Medical Software at Long Island Medical Facility may Expose Patients Data

Protecting patients medical information is more important now than it ever was because a study in 2018 revealed that more than ⅓ of all the global cybersecurity breaches were within the Healthcare industry. This is rather discouraging when you think about the importance of confidentiality and safety in Healthcare. Recently, the VA OIG discovered that about 133 patients who use medical devices from Tibor Rubin VA Medical Center had their data compromised.

 Tibor Rubin VA Medical And Patient Data Exposure

According to the latest report, the personal information of the affected patients was saved in unencrypted text messages and personal emails. It all started when the company came up with a new method of keeping HRM medical devices that didn’t meet the VA and VHA security and privacy policies in use. This was after the devices stopped functioning following an upgrade in 2013.

 The OIG reported that after the devices lost their ability to function, technicians decided to use prohibited logbooks, personal emails, unencrypted flash drives, and a personal computer to perform two workarounds that allowed the medical device to interact with the VHA’s EHR system. While 11 other equipment stopped working after the upgrade in 2013, only the workarounds for the HRM devices didn’t meet up to privacy standards.

 The medical facility, Tibor Rubin VA Medical Center, has been asked to ensure that communications between biomedical engineers, IT staff and other employees are facilitated whenever there is a problem or an upgrade on the interface. They have been asked to make adjustments to their handbook on breaches within the system to ensure that the personal information of patients remains safe. The OIG also recommended that every staff should be told what to do when there is a breach of patient information across medical devices in the company.

Greg Slabodkin
About Greg Slabodkin 3587 Articles
Senior writer and editor with extensive experience covering pharma and medtech industries and international regulation. Greg has written about health information technology for several tech trade publications, with a brief stint in corporate communications for a large medical device manufacturer. Greg has also written for numerous healthcare publications read more

Be the first to comment

Leave a Reply

Your email address will not be published.


*