Joseph Goedert has an interesting article on Health Data Management about the South Shore Hospital breach, focusing on whether South Shore Hospital is required, under HITECH, to notify individuals by postal mail or if they can use the “substitute notice” provisions under Massachusetts law. Goedert writes, in part: According to a new statement on…
Author: Dissent
California State Agency Released Confidential HIV Information: ACLU and Lambda Legal Demand Explanation
Today Lambda Legal, the American Civil Liberties Union of Northern California (ACLU-NC), and HIV & AIDS Legal Services Alliance (HALSA) sent a letter to David Maxwell-Jolly, Director of the California Department of Health Care Services, demanding a full explanation for the unauthorized and illegal disclosures of confidential identifying information of approximately 5,000 HIV-positive Medi-Cal recipients….
California hospital fined $250k for tardy breach notice to state (updated)
If you’re supposed to report a breach to the state of California, you’d darn well better report it in a timely fashion. HealthLeaders Media reports that Lucile Salter Packard Children’s Hospital at Stanford University has been fined $250,000 by the California Department of Public Health for failing to report a patient records breach <del>by April 23</del>. The…
Unauthorized Computer Access and the California Penal Code
Attorney Andy Serwin writes: California Penal Code Section 502 regulates unauthorized access to computers and computer networks and has implications for employers with employees in California. It is an offense if any person: knowingly accesses and without permission alters, damages, deletes, destroys, or otherwise uses any data, computer, computer system, or computer network in order…
Wake up calls: some still hitting the ‘snooze’ button
Robert Lemos of Dark Reading writes: The recently revealed abuse of insiders’ system privileges to commit fraud at Sprint could be a wake-up call for other enterprises to implement more stringent security practices, experts said this week. How many times have we seen a similar statement in the past five years? How many times have…
UK: East Lothian Council exposes cabbies’ personal info on web site
Kirsty Gibbins reports: East Lothian Council has apologised over a “serious” staff error which saw the personal details and previous convictions of taxi licence applicants published on the local authority’s website for two hours. The names, addresses, telephone numbers, driving history and criminal records of 12 applicants for either taxi driver or operator licences –…