IT error deletes Creighton pharmacy patient records, including prescription, insurance info

Julie Anderson reports:

An IT error resulted in the deletion of patient records Tuesday from the Creighton University Campus Pharmacy at 2412 Cuming St.

The lost data includes prescription and refill history and insurance information for all customers. A count of customers wasn’t immediately available, but the pharmacy filled 50,000 prescriptions in 2017.

The incident did not involve breach, Creighton officials said. No patient records were stolen; the data was deleted.

However, the loss means that the pharmacy’s database must be rebuilt. All patient data must be re-entered and new prescriptions obtained from physicians.

Read more on Live Well Nebraska.

So… was this/is this pharmacy a HIPAA-covered entity? It would seem that it almost certainly is.  So where was its risk assessment?  And did they really have no backup?

This may not be a reportable breach under HIPAA and HITECH, but HHS OCR should be auditing them and looking into this if they are covered by HIPAA>

 

About the author: Dissent