Hospitals Look to Data Loss Prevention Software to Meet HIPAA Requirements
New York-Presbyterian Hospital and Columbia University recently paid the
government $4.8 million, the largest settlement of its kind to date, to
resolve the charges stemming from a horrific exposure of 6,800 patient records.
According to Ponderosa Partners analyst Lars Dempsey, “Healthcare privacy disasters
not only cost the institution at fault millions of dollars, but also harm all patients who can
be victims of identity theft and other misdemeanors.”
The case stems from a situation where a Columbia University physician mistakenly
leaked New York-Presbyterian patients’ vital signs, medications, and laboratory results
onto the Internet after trying to deactivate a “personally-owned computer server,” which
was connected to a shared network, the Office for Civil Rights stated. Later, an individual
who discovered a deceased patient’s data through an Internet search engine notified the
hospital, which then reported the breach to the Office for Civil Rights.
Both entities failed to ensure that the server had the proper software protections and to
identify all computer systems that accessed its electronic health information, said the
Office for Civil Rights.
“Although clinicians frequently use personal computers, smartphones or tablets to
conduct academic research, it’s unusual for a physician to use their own server for work,”
stated Judy Hanover, an IDC analyst covering healthcare information technology. “There
shouldn’t be a personally-owned server on a network at all in a hospital,” said Ms.
Hanover. She also mentioned that organizations collaborating on joint
academic research might not always communicate via methods that keep data secure,
leaving some avenues for vulnerabilities.
Enforcement of privacy rules has risen recently under the Health Insurance
Portability and Accountability Act, a set of rules established in 1996 that requires
enterprises to protect and secure patient data and to disclose any leaks or breaches of
patient data. Since its inception, the OCR has recorded close to 1000 reports of breaches
or leaks involving more than 500 victimized patients. According to Darren Dworkin,
Chief Information Officer of Cedars-Sinai Medical Center, “We simply have to do
better.” Recently, more CIOs and information technology teams have been adopting a
technology called data loss prevention software to deter and prevent such breaches and
leaks from occurring.
In summary, it's important that healthcare information technology professionals pursue
security measures such as data loss prevention software solutions to prevent large-scale
sensitive data catastrophes. As seen in the aforementioned example of the New York-Presbyterian
Hospital and Columbia University, a simple, well-intentioned mistake can
cost a healthcare organization millions of dollars. Furthermore, in the United States of
America, data loss prevention software meets operational use criteria as defined by the
HITECH Act, which means healthcare enterprises can receive the maximum amount of
reimbursement by implementing systems to protect electronic health records.
Organizations that fail to comply with government regulations and refuse to secure their
highly sensitive data with data loss prevention security put themselves at severe risk in
this era of ever-evolving, resilient hackers and cybercriminals. Therefore, it's in healthcare
organizations' best interest to embrace employee flexibility via cloud and employ security
measures such as data loss prevention software for best security and efficiency.