DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Despite Wave Of Data Breaches, Official Says Patient Privacy Isn’t Dead

Posted on March 21, 2015 by Dissent

Charles Ornstein of Pro Publica talked with Jocelyn Samuels, director of OCR. You can read his interview on ProPublica.org.  Pretty much everything they touched on has been discussed numerous times on PHIprivacy.net, so you may not find anything new in the interview if you were a regular reader of PHIprivacy.net, but I suppose it’s still reassuring to hear the director of OCR say that patient privacy isn’t dead.

That said, if you look at HHS’s public breach tool, and look at how many breach investigations are still not concluded, years later, it should continue to concern us.

Both HHS and FTC have resources that are insufficient to really keep up in a timely fashion with data security enforcement. And all too often, the public doesn’t find out about corrective action plans OCR obtained from covered entities unless the plan is attached to a press release announcing the rare monetary penalty. The information is out there if you know where to look, but again, it may take years before we get more information. I am not criticizing staff at HHS and OCR who work diligently. But let’s face it, they need a lot more resources to do their job in a timely fashion.

In some cases, the delay may leave patients at continued risk of ID theft or medical identity theft. Consider, as one example, the breach involving  Lanap & Dental Implants of Pennsylvania that was first reported by WNEP in Pennsylvania in December 2013, and reported on PHIprivacy.net. That breach occurred in 2010, and only some of the patients were notified in 2012. Those who were notified were not even told that their information, including Social Security numbers, were available for download on multiple torrent sites. To this day, patients who may never have been informed of the breach would be – and are –  still at risk because their information is still freely available online. In January 2014, this blogger filed complaints with both HHS and the FTC over the breach in terms of compliance with the Security Rule, notification requirements under HITECH, and unfair and deceptive practices under Section 5 of the FTC Act.

What did either agency do with that complaint? We have no idea because investigations are not public. The only thing we do know is that in 2014, HHS revised its entry for the incident on its public breach tool. But as there is no summary for the investigation, we must presume the investigation is still open. So five years after patient data was uploaded to torrent sites, are there patients who still don’t know that their personal information is freely available to criminals? Maybe OCR knows, but we don’t know the answer to that.

Pro Publica is also looking for patients who have had their privacy violated to share their story.  Patients and consumers have always been welcome to share their reactions and experiences on this site and PHIprivacy.net, but if you’d like to reach a wider national audience, do consider contacting them, too.

Related posts:

  • TeamGhostShell posts “master list” of 548 leaks (so far)
  • HHS Office for Civil Rights Imposes a $240,000 Civil Monetary Penalty Against Providence Medical Institute in HIPAA Ransomware Cybersecurity Investigation
  • FTC Takes Action Against Drizly and its CEO James Cory Rellas for Security Failures that Exposed Data of 2.5 Million Consumers
  • An OCR investigation illustrates the value of investigating small and medium-sized entities
Category: Commentaries and AnalysesHealth DataU.S.

Post navigation

← CA: Tutor in Corona Del Mar grade-changing scandal faces more hacking charges
California Health Care Facility Breach Statute Updated: Changes Effective Now →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Horizon Healthcare RCM discloses ransomware attack in December
  • Disgruntled IT Worker Jailed for Cyber Attack, Huddersfield
  • Hacker helped kill FBI sources, witnesses in El Chapo case, according to watchdog report
  • Texas Centers for Infectious Disease Associates Notifies Individuals of Data Breach in 2024
  • Battlefords Union Hospitals notifies patients of employee snooping in their records
  • Alert: Scattered Spider has added North American airline and transportation organizations to their target list
  • Northern Light Health patients affected by security incident at Compumedics; 10 healthcare entities affected
  • Privacy commissioner reviewing reported Ontario Health atHome data breach
  • CMS warns Medicare providers of fraud scheme
  • Ex-student charged with wave of cyber attacks on Sydney uni

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Supreme Court Decision on Age Verification Tramples Free Speech and Undermines Privacy
  • New Jersey Issues Draft Privacy Regulations: The New
  • Hacker helped kill FBI sources, witnesses in El Chapo case, according to watchdog report
  • Germany Wants Apple, Google to Remove DeepSeek From Their App Stores
  • Supreme Court upholds Texas law requiring age verification on porn sites
  • Justices nix Medicaid ‘right’ to choose doctor, defunding Planned Parenthood in South Carolina
  • European Commission publishes its plan to enable more effective law enforcement access to data

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.