Concerns over a potential data breach at a major healthcare staffing agency in December shed light on the very real threat to healthcare providers relying more than ever on vendors for temporary help.

Staffing company Gale Healthcare Solutions, which serves several long-term care providers, told McKnight’s that reports of a database breach compromising more than 170,000 records with confidential information had some ”issues” and that a system vulnerability had been addressed months ago.

Still, a report by hacking experts at Website Planet on the storage of worker information, including possible Social Security numbers in file names, served as a warning to LTC and other providers not to take vendors’ digital standards for granted.

“If a vendor suffers a data breach that potentially compromises employees’ information, an employer could potentially face a class action negligence suit from its employees, who may seek damages stemming from any identity theft or financial fraud that they allegedly suffer as a result of such a data breach,” said attorney Diane Reynolds, a partner at McElroy Deutsch.

“A data breach with the potential to disclose employees’ protected characteristics and activities such as sexual orientation, disabilities or religion could also potentially result in claims under federal and state civil rights laws,” she added.

Some courts, Reynolds noted, have imposed a common law duty on employers in all sectors to use “reasonable” security measures to secure employees’ personal information. That duty could extend to temporary employees hired through staffing agencies, she added.

Even as providers are desperate for new labor sources, they must continue their due diligence on ensuring secure technology, warned McElroy Deutsch Associate Bradford P. Meisel.

“Healthcare providers should ensure that they have HIPAA business associate agreements with all vendors as well as boilerplate provisions in all of their vendor agreements requiring vendors to use commercially reasonable security measures,” Meisel said.

From the January/February 2022 Issue of McKnight's Long-Term Care News