ePHI Archives Remain Vulnerable

We read that Fallon Ambulance Services, despite being no longer in business and holding ePHI for "legal obligations" sake, was breached recently exposing almost 912,000 patients' worth of data.

We are posting this news because we sometimes speak with people that gloss over or disregard aggressively protecting legacy ePHI being stored outside of their current electronic health record system. There are wonderful solutions that hold "old EHR" information, saving a medical organization from keeping two expensive EHR subscriptions. Even with limited user accounts and other administrative controls, organizations are wise to audit and monitor these peripheral systems - both for compliance sake and for reasonable and appropriate security sake.

Stay (HIPAA) safe,

Alan -