As if we needed yet another reminder of why you need to ensure ex-employees can no longer access the network, the Baltimore Sun reports: It happened one day last year, as more than a dozen board members of a Baltimore substance abuse center had gathered around a conference room. The CEO was giving a PowerPoint…
Month: September 2010
South Shore Hospital won't provide individual notice. Do they have to?
Joseph Goedert has an interesting article on Health Data Management about the South Shore Hospital breach, focusing on whether South Shore Hospital is required, under HITECH, to notify individuals by postal mail or if they can use the “substitute notice” provisions under Massachusetts law. Goedert writes, in part: According to a new statement on…
California State Agency Released Confidential HIV Information: ACLU and Lambda Legal Demand Explanation
Today Lambda Legal, the American Civil Liberties Union of Northern California (ACLU-NC), and HIV & AIDS Legal Services Alliance (HALSA) sent a letter to David Maxwell-Jolly, Director of the California Department of Health Care Services, demanding a full explanation for the unauthorized and illegal disclosures of confidential identifying information of approximately 5,000 HIV-positive Medi-Cal recipients….
California hospital fined $250k for tardy breach notice to state (updated)
If you’re supposed to report a breach to the state of California, you’d darn well better report it in a timely fashion. HealthLeaders Media reports that Lucile Salter Packard Children’s Hospital at Stanford University has been fined $250,000 by the California Department of Public Health for failing to report a patient records breach <del>by April 23</del>. The…
Unauthorized Computer Access and the California Penal Code
Attorney Andy Serwin writes: California Penal Code Section 502 regulates unauthorized access to computers and computer networks and has implications for employers with employees in California. It is an offense if any person: knowingly accesses and without permission alters, damages, deletes, destroys, or otherwise uses any data, computer, computer system, or computer network in order…
Wake up calls: some still hitting the ‘snooze’ button
Robert Lemos of Dark Reading writes: The recently revealed abuse of insiders’ system privileges to commit fraud at Sprint could be a wake-up call for other enterprises to implement more stringent security practices, experts said this week. How many times have we seen a similar statement in the past five years? How many times have…