Three strikes and you’re out, it seems. The Information Commissioner’s Office has just issued a monetary fine to Surrey Council after repeated instances of misdirected e-mails containing personal information. From the press release: The Information Commissioner’s Office (ICO) today served Surrey County Council with a monetary penalty of £120,000 for a serious breach of the Data Protection Act…
Category: Health Data
VA Caribbean Healthcare System to Provide Free Credit Monitoring to Veterans
This was posted on the U.S. Department of Veterans Affairs web site and dated May 20, 2011: San Juan, PR – The VA Caribbean Healthcare System is notifying and offering one year of free credit monitoring to 1,691 Veterans and staff whose personal information was left unsecured in an unrestricted area of the San Juan…
HealthCare Partners Notifies Patients of Breach of Unsecured Personal Information
From their press release, dated June 3: HealthCare Partners notified 15,727 patients of a breach of unsecured personal patient protected health information after discovering, on Monday, April 18, 2011, the theft of nineteen new computers from the medical group’s offices at 675 Arroyo Parkway in Pasadena and at 2600 Redondo Avenue in Long Beach. HealthCare…
UK: North Lanarkshire Council breach results in undertaking
The Information Commissioner’s Office has found North Lanarkshire Council in breach of the Data Protection Act following an investigation into a breach that occurred in October 2010. In a press release issued today, the office said: North Lanarkshire Council breached the Data Protection Act after the theft of a home support worker’s bag containing papers…
Greenville Hospital System: boxes of business records with patient info from Allen Bennett Memorial Hospital found in unsecured storage building
Earlier this year, Greenville Hospital System University Medical Center notified patients of a breach that does not appear on HHS’s breach tool. Kudos to GreenvilleOnline.com for noticing it and reporting on it. The undated notice, which is prominently linked from Greenville’s home page, appears to have been created on February 4, 2011: On December…
AZ: Casa Grande court clerk hid, took home records
Yesterday I updated a breach report on phiprivacy.net where a hospital employee had taken records home… and taken records home… and taken records home. According to hospital investigators, there was no indication that she used them criminally or intended to use them criminally, but the incident points out how many paper records may just “wander”…