Just because you don’t remove the laptop from the office, don’t kid yourself that it’s secure. We’ve seen a number of incidents where laptops have been stolen from offices where the failure to encrypt the laptops resulted in breach notice costs for the entities. The latest entity to incur breach costs due to failure to…
Category: Health Data
Massachusetts provider settles HIPAA case for $1.5 million
Massachusetts Eye and Ear Infirmary and Massachusetts Eye and Ear Associates Inc. (collectively referred to as “MEEI”) has agreed to pay the U.S. Department of Health and Human Services (HHS) $1.5 million to settle potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security Rule. MEEI also agreed to take corrective…
Lahey Clinic breach: how seriously are some entities taking privacy and security?
Speaking of the risk of mobile devices… Lahey Clinic reports that on July 1, a physician lost a Blackberry (or it was stolen) at an airport in France. On it were patients’ names, dates of birth, Lahey medical record numbers, diagnosis, and procedure names/test results. The clinic did a remote wipe of all of the…
Insider breach at Quest Diagnostics results in notification to patients
Yet another insider breach – this one at New Jersey-based Quest Diagnostics. On August 17, Quest notified the New Hampshire Attorney General’s Office that in late July, it became aware that an employee had forwarded certain e-mails to their home personal account. Included in the e-mails were patients’ names, addresses, dates of birth, Social Security…
Feinstein Institute for Medical Research notifies 13,000 research participants after laptop with PHI stolen from employee's car
A press release from the Feinstein Institute for Medical Research: After learning that a laptop containing research study information was stolen from an employee’s car, the Feinstein Institute for Medical Research announced today it is sending letters to some research participants, advising of the possible disclosure of some personal and health information. “Although both the computer…
Sheffield Council investigating breach involving confidential paperwork of mental health patients
The Sheffield Telegraph reports: Sheffield Council could be fined up to half a million pounds for breach of the Data Protection Act after confidential paperwork about mental health patients was found ‘blowing around’ a city centre street. Well yes, it’s pretty much true for any breach that the entity could be fined and the maximum…