Sage Smiley reports:
The American Civil Liberties Union of Alaska said that it uncovered a “massive” violation of medical privacy laws by a software company used by the Alaska Department of Corrections. But the software company at the center of the complaint claims that’s “false and misleading,” and that there was no breach of data privacy.
The ACLU asserts that the electronic health record system used by DOC was displaying private health information of dozens of incarcerated Alaskans on a training website since at least November 2023.
The ACLU said that electronic records displayed diagnoses, prescriptions, and treatments of “at least 74” incarcerated Alaskans. That included people incarcerated at Lemon Creek Correctional Center in Juneau.
The electronic record system, called TechCare, pulled the records off of the training site on Tuesday after the ACLU publicly demanded that the DOC and TechCare’s parent company, NaphCare, take down the site or make it private.
The ACLU publicly reported the breach on its site on September 30.
As KYUK reports, NaphCare claims that the data inadvertently exposed were not real data and were just fictitious training data. But ACLU responded that those are real people even if the data was fictitious and that they are not retracting their complaint to HHS under HIPAA.
Read more at KTOO.