DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

N.J. volunteer EMS agency says patient data was breached

Posted on December 23, 2021 by Dissent

Leila Merrill reports:

A volunteer EMS agency in New Jersey says in a news release that patient data in New Jersey was breached, and it has requested formal hearings in the state Senate and Assembly Health Committees.

The Lincoln Park First Aid Squad, also known as Lincoln Park EMS, announced that it and other squads that are part of the EMS Council of New Jersey 17th and 18th Districts, inadvertently found that the state health department’s office of EMS gave the New Jersey State Police’s Fatal Accident Reporting System access to an electronic medical records system used by ambulance services throughout New Jersey. This is said to be an administrator access, which is high-level, without oversight, and includes access to medical records.

Read more at EMS1

A key part of the press release says:

Federal HIPAA regulations require the Squad to report to the U.S. Department of Health and Human Services any instances in which medical records were accessed without proper authorization. The Squad, through its attorneys Keavney & Streger, LLC, contacted Dr. Terry Clancy, Director of the Office of EMS, to obtain information and determine the nature and scope of the medical records accessed. Rather than provide details to facilitate the investigation, Director Clancy responded that this was normal business under a separate data sharing agreement which has strict limits on the type of information accessible related to opioid overdoses. Instead, this appeared to be a completely new granting of blanket access to any medical record without controls. Rather of answering these reasonable questions, the Squad and its members were threatened with discipline for pausing data sharing with the State to ensure privacy protections during the investigation.

The Squad contacted Commissioner Judith Persichilli with these concerns, but no reply whatsoever was received to that request. As a result, the Squad has requested formal hearings on this topic in the Senate and Assembly Health Committees.

So if this was an accidental misconfiguration that allowed access, you’d think the state would issue a statement and investigate and notify properly. Instead, it sounds like the squad feels they are being stonewalled or lied to. Was this legitimate and permissible access or not? If the state won’t investigate, maybe HHS OCR will.

Related posts:

  • FTC Announces Hearings On Competition and Consumer Protection in the 21st Century
Category: Commentaries and AnalysesExposureHealth DataU.S.

Post navigation

← Massive data breach exposes wage and personal info of more than 637,000 Albanian residents
If Your Disclosure of a Data Breach Was “Late,” You May Have to Litigate →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Ex-student charged with wave of cyber attacks on Sydney uni
  • Detaining Hackers Before the Crime? Tamil Nadu’s Supreme Court Approves Preventive Custody for Cyber Offenders
  • Potential Cyberattack Scrambles Columbia University Computer Systems
  • 222,000 customer records allegedly from Manhattan Parking Group leaked
  • Breaches have consequences (sometimes) (1)
  • Kansas City Man Pleads Guilty for Hacking a Non-Profit
  • British national “IntelBroker” charged with causing $25 million in damages; U.S. seeks his extradition from France
  • France issues press statement about arrest of ShinyHunters members
  • Patients Allege Home Delivery Pharmacy Failed to Timely Notify Them of Data Breach
  • Hackers breach Norwegian dam, open valve at full capacity

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Microsoft’s Departing Privacy Chief Calls for Regulator Outreach
  • Nestle USA Settles Suit Over Job-Application Medical Questions
  • NY Attorney General James Affirms Hospitals Must Provide Access to Emergency Abortion Care
  • How Internet of Things devices affect your privacy – even when they’re not yours
  • Sky Views Personal Data as a Potential Weapon in IPTV Piracy War
  • Florida Used a Nationwide Surveillance Camera Network 250 Times To Aid in Immigration Arrests
  • Federal Court Strikes Down HIPAA Reproductive Health Care Privacy Rule

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.