Louie Rosella reports: Ontario’s Privacy Commissioner is investigating a privacy breach at Credit Valley Hospital after the personal health records of five patients were “improperly accessed” by an employee at a nearby medical building. One of the complainants, who asked not to be identified, said the hospital sent her and her husband a letter after…
Category: Health Data
Two more medical groups notifying patients of Bizmatics security incident
Unbelievable. Entities are still first notifying patients of the Bizmatics, Inc. breach. The North Ottawa Community Health System says it is erring on the side of caution following notification that the third-party electronic medical record company it uses for primary care patients might have had its computer servers breached. NOCHS spokeswoman Jen VanSkiver said the…
Ca: Eastern Health Authority reports stolen doctor’s briefcase contained patient files
Eastern Health Authority in Newfoundland has reported a second breach in three months. This one involves the theft of a physician’s briefcase. Their statement: June 8, 2016 – St. John’s, NL: Eastern Health advised today that it has experienced an accidental breach of privacy of 34 of its patients. The accidental breach occurred when a physician’s car…
House Energy And Commerce Committee Reviews Cybersecurity Practices At HHS
King & Spalding write: On May 25, 2016, the House Energy and Commerce Subcommittee on Health held a hearing to examine the Department of Health and Human Services’ (“HHS”) cybersecurity responsibilities. The hearing focused on legislation that would create a new office within HHS, the Office of the Chief Information Security Officer (“CISO”), consolidating information…
ERISA and Cybersecurity
Larry Goldstein of McGuireWoods LLP writes: Employee benefit plan data stored online may include participants’ names and Social Security numbers, account information and protected health information (PHI), all of which are inviting targets for hackers. Highly-publicized data breaches in recent years have called attention to the obligations of benefit plan administrators (typically the employers sponsoring…
Low-tech break-in results in breach notification in Phoenix
The administrative offices of Mountain Park Health Center in Phoenix was burglarized on March 22nd. Burglars rifled through the contents of locked file cabinets containing personnel information, but none of the contents were stolen. The kinds of employee information in the files included names, addresses, telephone numbers, SSN, dates of birth, and limited financial information. Through…