Branded thumb drives: isn’t it great when you get one at a conference? They’re so handy to have around! But, that handiness also makes them a risk for your practice.
Even having a policy against downloading patient records to an external drive may not be enough to make thumb drives worth the risk: as this story from the Salt Lake Tribune illustrates, just having a policy isn’t enough if people aren’t aware of it (or choose to ignore it). Although the employee in the story — who downloaded 6,000 patient records to a thumb drive, and then lost it somewhere en route between UT, CO and DC — was fired, the missing records could still be found by someone with less-than-honest intentions. And, the woman’s employer, a Medicaid claims processor, did have a policy against downloading patient records — the “star employee” just didn’t know about it.
Of course, while this fired downloader seems to have had purely innocent intentions, the story also illuminates how easy it would be to download thousands of records onto a drive and slip it into a pocket — and later sell those records to criminals. Some estimates put the value of patient medical identity data at $50/patient or more on the black market.
That’s why you probably won’t see a Capko & Company branded thumb drive as a gift any time soon. Even though they’re irresistible!