Sometimes we find out about breaches from student publications. Daily Bruin reporter Kylie Reynolds writes:
A UCLA Health System audit report containing private patient information was posted online earlier this month, though it remains unclear how many people were affected, according to a letter from a health system official obtained by the Daily Bruin.
The report was on the billing practices of the UCLA Health System’s Emergency Department and was sent to the UC Office of the President, according to the letter sent last week by UCLA Medical Sciences chief privacy officer Robert Gross.
A Health System employee attached information containing the first and last name and a five-digit billing code related to a patient who visited the Emergency Department in May 2011 to the audit report. There was no information included that related to the patient’s specific visit, and social security numbers and addresses were also not posted, the letter stated.
Read more on The Daily Bruin, and kudos to the student publication for covering the incident and providing details on the kinds of questions I tend to ask, such as “how and when did the entity first learn of the breach?”