First the statement from Indiana University Health Arnett Hospital from December 31: IU Health Arnett is committed to maintaining the privacy and security of personal information provided to us. Regrettably, this notice concerns an incident involving some of that information. On November 20, 2015, we learned that an unencrypted portable storage device was missing from…
Category: Health Data
MI: Farmington Hills mother admits stealing private personal records
Kevin Dietz has an update on an identity theft fraud case that I’ve noted previously on this site. Now Markitta Washington has admitted to stealing patient information as part of the tax refund fraud scheme. Washington, who according to court records took a job at two hospitals — the DMC’s Harper Hospital in Detroit and Henry Ford Hospital in…
40,000 Packages of Backlogged Claims Material Discovered at Single VA Office
This is absolutely disgraceful. Morgan Chalfant reports: More than 40,000 backlogged mail packages of veterans’ disability claims material were discovered at a VA regional office in Florida, according to a new report from the VA inspector general. Investigators also found more than 1,600 boxes of unprocessed veterans’ claims material at a scanning facility with which the St….
Henry Schein settles FTC charges it misled customers about encryption of patient data
It appears the FTC acted on a complaint I filed with them last year concerning Henry Schein Dental’s use of the word “encryption” in their marketing and their refusal to individually notify customers that the “encryption” provided by Dentrix G5 was not NIST-grade encryption that would give them Safe Harbor under HIPAA. Background on my concerns…
Washington Hospital Healthcare System notifies individuals of breach
Washington Township Health Care District (Washington Hospital Healthcare System) recently notified the California Attorney General’s Office of a breach. Their template of their notification letter was uploaded yesterday. The letter, signed by Kristin Ferguson,, Chief of Compliance, explains that the District learned on October 8th that an unauthorized individual may have gained access to a computer associated with…
Bucking Clapper? Massachusetts court holds patients have standing to sue based on mere exposure of data alone
In August, 2014, I noted a report involving a transcription contractor of Boston Medical Center exposing patient information on the Internet. BMC notified approximately 15,000 patients and fired MDF Transcription Services because of the incident. Of note, BMC told patients in a notification letter that it had no reason to believe their information had been misused…