DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Despite Wave Of Data Breaches, Official Says Patient Privacy Isn’t Dead

Posted on March 21, 2015 by Dissent

Charles Ornstein of Pro Publica talked with Jocelyn Samuels, director of OCR. You can read his interview on ProPublica.org.  Pretty much everything they touched on has been discussed numerous times on PHIprivacy.net, so you may not find anything new in the interview if you were a regular reader of PHIprivacy.net, but I suppose it’s still reassuring to hear the director of OCR say that patient privacy isn’t dead.

That said, if you look at HHS’s public breach tool, and look at how many breach investigations are still not concluded, years later, it should continue to concern us.

Both HHS and FTC have resources that are insufficient to really keep up in a timely fashion with data security enforcement. And all too often, the public doesn’t find out about corrective action plans OCR obtained from covered entities unless the plan is attached to a press release announcing the rare monetary penalty. The information is out there if you know where to look, but again, it may take years before we get more information. I am not criticizing staff at HHS and OCR who work diligently. But let’s face it, they need a lot more resources to do their job in a timely fashion.

In some cases, the delay may leave patients at continued risk of ID theft or medical identity theft. Consider, as one example, the breach involving  Lanap & Dental Implants of Pennsylvania that was first reported by WNEP in Pennsylvania in December 2013, and reported on PHIprivacy.net. That breach occurred in 2010, and only some of the patients were notified in 2012. Those who were notified were not even told that their information, including Social Security numbers, were available for download on multiple torrent sites. To this day, patients who may never have been informed of the breach would be – and are –  still at risk because their information is still freely available online. In January 2014, this blogger filed complaints with both HHS and the FTC over the breach in terms of compliance with the Security Rule, notification requirements under HITECH, and unfair and deceptive practices under Section 5 of the FTC Act.

What did either agency do with that complaint? We have no idea because investigations are not public. The only thing we do know is that in 2014, HHS revised its entry for the incident on its public breach tool. But as there is no summary for the investigation, we must presume the investigation is still open. So five years after patient data was uploaded to torrent sites, are there patients who still don’t know that their personal information is freely available to criminals? Maybe OCR knows, but we don’t know the answer to that.

Pro Publica is also looking for patients who have had their privacy violated to share their story.  Patients and consumers have always been welcome to share their reactions and experiences on this site and PHIprivacy.net, but if you’d like to reach a wider national audience, do consider contacting them, too.

Category: Commentaries and AnalysesHealth DataU.S.

Post navigation

← CA: Tutor in Corona Del Mar grade-changing scandal faces more hacking charges
California Health Care Facility Breach Statute Updated: Changes Effective Now →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Hearing on the Federal Government and AI
  • Nigerian National Sentenced To More Than Five Years For Hacking, Fraud, And Identity Theft Scheme
  • Data breach of patient info ends in firing of Miami hospital employee
  • Texas DOT investigates breach of crash report records, sends notification letters
  • PowerSchool hacker pleads guilty, released on personal recognizance bond
  • Rewards for Justice offers $10M reward for info on RedLine developer or RedLine’s use by foreign governments
  • New evidence links long-running hacking group to Indian government
  • Zaporizhzhia Cyber ​​Police Exposes Hacker Who Caused Millions in Losses to Victims by Mining Cryptocurrency
  • Germany fines Vodafone $51 million for privacy, security breaches
  • Google: Hackers target Salesforce accounts in data extortion attacks

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • The Decision That Murdered Privacy
  • Hearing on the Federal Government and AI
  • California county accused of using drones to spy on residents
  • How the FBI Sought a Warrant to Search Instagram of Columbia Student Protesters
  • Germany fines Vodafone $51 million for privacy, security breaches
  • Malaysia enacts data sharing rules for public sector
  • U.S. Enacts Take It Down Act

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.