A KPMG auditor caused a breach for New Jersey hospitals because he or she lost an unencrypted flash drive containing over 4,500 patient records. This shows the need to ensure that auditors also have good safeguards in place! It would be interesting to see if the OCR required the auditors to have their USB storage devices encrypted. If not, they apparently should have. If they did have this requirement, then the auditor should face sanctions for non-compliance. It will be interesting to see what, if any, actions the OCR takes against KPMG for this incident.
HIPAA Auditor Involved in Own Data Breach
Tags: encryption, KPMG