Home / News & Resources / Case Study / Are hospitals doing enough to protect patient confidentiality?

Are hospitals doing enough to protect patient confidentiality?

One in 13 patients will have their records stolen after a healthcare provider data breach[1]. However, despite the headlines, fraudsters don't just use the internet to get their hands on our sensitive information. So, while hospitals are looking at what they can do to protect our online data, they must also look at improving security measures to prevent unauthorised physical access to sensitive medical records.

In an unusual case, our solicitors saw just how one fraudster was able to get his hands on sensitive medical information by impersonating a member of the hospital's medical team.

What happened in this case?

In this data breach, a woman (our client), was a patient in hospital having just given birth. However, while she was there a fraudster impersonated a doctor to obtain information about her personal medical situation.

A student nurse provided the highly sensitive information to the imposter, which included details about a disease which our client had recently been diagnosed with, and with which she was struggling to come to terms with.

To date, nothing untoward has happened to our client following this incident, and there has been no contact from the person who obtained her medical records. But as she still does not know who accessed her data, and what might be done with, this situation is incredibly disturbing, and understandably this uncertainty has caused the woman considerable distress.

Lessons learned

Hospitals and other healthcare organisations need to do more to protect sensitive patient data.

All too often employees are involved in healthcare data breaches, and as such, employee training and awareness must form a core part of any security strategy and measures.

In this case, the hospital in question subsequently investigated the incident and agreed to improve their security systems and internal practices. Just simple steps such as ensuring that all members of staff wear ID at all times can make a big difference.

For more advice on how to keep your data safe, follow Hayes Connor on Twitter or give us a like on Facebook. Alternatively, if you have been the victim of a data breach or cyber fraud, find out how we can help you to recover any losses or give us a call on 0151 363 5895 to discuss your case in more depth.

[1] Accenture