Over on Technology Liberation Front, Jim Harper responded to my post that asked what can we learn from the first year of HHS breach reports. He starts by taking me to task for seemingly glossing over what he sees as important considerations: …. The post gives extremely light treatment to the possibility—indeed, the likelihood—of noncompliance…
Category: Health Data
'Scrapers' Dig Deep for Data on Web
Julia Angwin and Steve Stecklow report: At 1 a.m. on May 7, the website PatientsLikeMe.com noticed suspicious activity on its “Mood” discussion board. There, people exchange highly personal stories about their emotional disorders, ranging from bipolar disease to a desire to cut themselves. It was a break-in. A new member of the site, using sophisticated…
Pointer: Lots of health data breaches reported to HHS, only trivial ones to FTC
Steve Gantz comments on the apparent discrepancy in breach reports received by the FTC from PHR vendors and by HHS: It seems fair to ask, can any substantial conclusions be drawn from the paucity of breaches reported to the FTC or their relative triviality? No one appears to be suggesting that the data protection practices…
Prescription for fraud: stealing professionals' identities
When we talk about ID theft in the healthcare sector, we usually think of patients’ identities being stolen. Occasionally, though, I’ve seen reports where providers’ identities were stolen to further some other scheme such as obtaining prescription medications or insurance fraud. The National Post in Canada has this story about how common this latter type…
Medco coding change exposes prescription benefit data
They probably wished it was an April’s Fool joke, but it wasn’t. On April 1, United Healthcare learned that their business associate, Medco, had suffered a computer system error that exposed members’ prescription benefit messages on the Medco web site to other members. In a letter dated May 24 to the Maryland Attorney General’s Office,…
Watch those portable devices, Tuesday edition
Maryland-based HomeCall Inc. recently notified the Maryland Attorney General’s Office that an employee’s portable point-of-care device was stolen. The device contained names, addresses, SSN, medical record number, diagnoses, and treatment information. HomeCall reports that the device was “multi-level password protected” (but not encrypted). In correspondence to those affected, HomeCall stated that the device…