Investing in an asset is accompanied by the need to protect the asset. Mobile phones and tablets are small and may be misplaced or stolen. An employee may drop it in his/her pocket and forget to turn it in at the end of the shift and take it home.
Theft is an issue in medical facilities, as in the instance of the Texas Veterans Affairs Hospitals, which discovered last year that $6.2 million in taxpayer-purchased items were lost or stolen. Items ranged from cell phones to a John Deere tractor. Santa Clara Valley Medical Center, San Jose, CA, partially supported by tax dollars, reported 383 items, valued at nearly $12 million, missing between 2010 to 2014. United Memorial Medical Center in Batavia, NY, reported more than $50,000 of stolen equipment, which later turned up for sale on eBay. Much of such theft is due to insider wrong-doing.
Searching for lost or misplaced items is costly, too. A survey by Nursing Times found that more than one third of nurses spend at least an hour searching for equipment during an average hospital shift, and another hour is spent helping other departments to find items, translating to approximately 40 hours per month spent by nurses wasting expensive time looking for lost equipment.
Lost or stolen devices can result in a breach of protected health information. An online article from Bitglass, “Device Theft Dominates Healthcare Data Breaches,” refers to their 2014 Healthcare Breach Report, which analyzed healthcare data breaches from the previous 3 years. The report noted that 68 percent of breaches since 2010 occurred because devices were lost or stolen. In contrast, only 23 percent of breaches were due to hacking. The report found that more than 76% of all records breached were the result of loss or theft. Also of note, the report stated that healthcare data is 50 times more valuable than credit-card information on the black market.
The Bitglass article said that almost one-half of all data breaches reported in the U.S. are healthcare-related. Nat Kausik, CEO of Bitglass, was quoted as saying, “While major hacking events more commonly make headlines, our research shows that unprotected data on lost or stolen devices represents the majority of breach activity in healthcare. . . . This reaffirms the need for healthcare organizations to reevaluate their security and compliance strategies.”
The U.S. Department of Human Health and Services frowns on breaches of unsecured protected health information to the extent that penalties are imposed. The HIPAA Breach Notification Rule requires HIPAA-covered entities and their business associates to notify individuals affected by the breach, as well as the Secretary, and, in certain circumstances, the media. In addition are the legal repercussions and expenses. No medical facility wants that kind of attention or added costs.
An example is the case of the Catholic Health Care Services (CHCS) of the Archdiocese of Philadelphia, which provided management and information-technology services as a business associate to six skilled nursing facilities. Theft of a single CHCS mobile device compromised protected health information of more than 400 nursing-home residents. The U.S. Department of Health and Human Services Office for Civil Rights determined that CHCS had no policies in place for addressing the removal of mobile devices containing protected health information from its facility or what to do in the event of a security incident. It was an expensive lesson. The CHCS settled potential HIPPA violations to the tune of $650,000.
Clearly, many millions of dollars are lost each year on stolen or misplaced equipment and related consequences. It is imperative that a system be put in place to protect valuable assets, to protect confidential data, and to tighten security controls.
Seal Shield’s ElectroClave™ uses radio-frequency identification (RFID) for tracking and auditing to help prevent asset loss and theft, providing better control over inventory. The RFID tags integrate with nearly any existing ultra-high frequency RFID network, ranging from 902 to 928 MHz, providing faster data-transfer rates and reliable performance for electronic-asset surveillance and device management. Also available are Ultra-Slim Tags, passive RFID tags that are well-suited for small electronic devices and stick to a variety of materials. Tags are unobtrusive, preserving the device’s original form. The RFID component captures oversight data automatically and makes it available to clinicians, management, and information-technology staff via the cloud.
Tagged assets can track who checked out the device and can track where the devices are at any given time. Alerts can notify when devices are not in location compliance. ElectroClave RFID™ system can prevent data breaches, and concomitant HIPPA fines, by shutting down the device and wiping it clean of data if a device is determined to be out of its location assignment. Workflows and notifications can be customized in the ElectroClave™ management portal to send a push notification to a device/user that he/she is out of location compliance. If the device does not come back into location compliance, data can be wiped off the device remotely.
Leaving your facility’s mobile devices unprotected is a dangerous, perhaps very costly, risk. Call Seal Shield, 87-SEAL-SHIELD (877-325-7443), and let one of our experts advise you on how to protect your investment today.
Susan Cantrell, ELS
Infection Control Corner
Infection Control Corner
Other articles in this series:
Mobile Device Management: Part 1
Mobile Device Management: Part 1
Other articles by this author: