HIPAA Violations: Stay Out of the Spotlight

When it comes to security and PHI for hospitals, it’s best to keep out of the news headlines…

In talking with our healthcare partners these days, a lot of our conversations tend to move toward security, and more specifically, securing PHI. With the recent cyber-attacks on healthcare organizations making headlines and resulting in complete shutdowns of hospital IT systems, you can understand how this is a priority.

For example, let’s look at what happened to MedStar in March—a Washington, D.C. area hospital chain, operating 10 hospitals. Hackers infiltrated MedStar’s health systems, crippling its IT infrastructure, forcing it to shut down. This resulted in a breach of more than 4.5 million patient visits in 2015 and forced MedStar to return to paper records.

In addition to securing IT systems, healthcare organizations also have to deal with safeguarding paper-based medical records and ensuring they are properly stored and secured under the medical information privacy laws known as HIPAA. The consequences of not doing so can be severe, as happened recently in New York City at the Mount Sinai Beth Israel Senior Health Center when patient health records were found discarded on a New York City street. Medical records, receipts and prescriptions were found in public trash bins outside of the facility, directly violating HIPAA regulations.

Well the good news is that in addition to extracting clinical data from paper-based labs and PDFs, Extract Systems also assists healthcare organizations in automatically redacting sensitive PHI to avoid violating HIPAA regulations. In fact, a leading healthcare organization is using Extract’s ID Shield software to automatically redact a vast array of sensitive PHI fields that could negatively impact the hospital and its patients, should there be a breach.

With this in mind, our customer is redacting a high number of different fields, including:

  •  Name
  •  Date of Birth
  •  Phone/Fax Number
  •  Medical Record Number
  •  Health Plan Beneficiary Number
  •  Full Face Photos
  • Address
  •  Facility Name
  •  Social Security Number
  •  Insurance Number
  •  Barcodes


When you think about it, there is quite a bit of information out there that needs to be secured. What our customer likes about ID Shield is that this is all done automatically. Should there be a security breach, they won’t be the latest headline.


Want to learn more about how you can protect your
organization from a HIPAA breach? Complete the form
below and someone will contact you shortly.

Name *

About the Author: Joseph Smith

With over 15 years experience working with large hospitals and health systems in both HIS and communication platforms, Joseph Smith helps healthcare organizations streamline data entry to enable fast access to critical information. He blogs on topics relating to advanced data capture, and automating workflows.