Simon Plumb reports: A Ministry of Health email blunder has spilled private medical information of 24,000 Kiwis. Officials are investigating how a spreadsheet of National Health Index (NHI) numbers, containing the birth and death dates of 24,092 people, was emailed to around 950 pharmacists yesterday morning. The email was supposed to be sent internally. Security…
Category: Health Data
1,040 Sentara Heart Hospital patients notified of HIPAA breach
Elizabeth Simpson reports that a person or persons managed to steal two portable hard drives with PHI from two electrophysiology labs at Sentara Heart Hospital in August: The August theft of two portable hard drives from Sentara Heart Hospital’s electrophysiology labs led hospital officials to send letters about a security breach this week to 1,040 patients….
UK: 3,634 patients hit by East Sussex Healthcare Trust data breach
The Hastings & St. Leonards Observer reports that one of the trust’s consultants lost a thumb drive with data on over 3,600 patients. Hospital papers have revealed the confidential details of more than 3,500 patients were discovered on an unencrypted data stick. The incident was discussed at an East Sussex Healthcare Trust board meeting on…
Reports slam OCR’s poor oversight of HIPAA covered entities, breach followup efforts
If you follow HHS’s public breach tool and investigations closely, two reports from the Office of the Inspector General (OIG) finding lax oversight and insufficient follow-up will come as no surprise. Susan Hall of FierceHealthIT has a good recap: The former report was based on reviews of a statistical sample of privacy cases investigated by OCR between September…
Major Patient Privacy Breach Alleged At Palo Alto VA
Benjamin Krause writes: VA OIG just reported that Palo Alto VA Health Care System unlawfully gave patient data to a private IT company despite employees not having cleared background checks. The watchdog investigated allegations that the Palo Alto VA informatics chief entered into an illegal agreement with a health care company called Kyron. VA OIG confirmed allegations…
Data breach lawsuit against former parent company of Flowers Hospital survives motion to dismiss
There’s a noteworthy update to a lawsuit against Triad of Alabama, the former parent company for Flowers Hospital, whose employee was convicted on both federal and state charges for stealing and trafficking in patient information for tax refund fraud. The breach and earlier developments in the lawsuit were covered on PHIprivacy.net. Today, Lance Griffin reports that the amended class…