The St. Charles Health System may think they’ve met all their obligations in their handling of an insider snooping incident, but Deschutes County District Attorney John Hummel says the matter should have been reported to them for criminal investigation. Now that’s interesting to think about. If a covered entity is convinced that an employee snooped…
Category: U.S.
No, you can’t defend your reputation if it means revealing PHI without the patient’s consent
Here we go again, it seems. No matter how irate you may be a patient’s bad review and no matter how unfair you think it may be, no, you cannot just reveal their protected health information without their consent – even if they revealed some of it themselves. Patrick Danner reports: A San Antonio doctor…
TX: Email gaffe revealed 1,417 cancer patients’ email addresses
Cindy George reports: A “carbon copy” email sent last week from the Houston Methodist Cancer Center to patients showed the addresses of all recipients, potentially revealing their identities to the public and their association with the treatment facility. Patients were alerted about the issue by Houston Methodist in a letter dated March 16 and sent…
Oh those inadequately secured backup devices…
While I’ve been busy tracking W-2 phishing scams, let’s not lose sight of the fact that there are other ways for criminals to obtain W-2 or tax information, and that human error continues to turn assets into low-hanging fruit. Interpreters Unlimited recently notified the Vermont Attorney General’s Office that the contents of an employee’s backup device were…
Lane Community College notifies health clinic patients of potential breach
Dylan Darling reports: A virus-infected computer at the Lane Community College health clinic may have relayed patient information — names, addresses, Social Security numbers and more — to an unknown third party for more than a year, the college said Friday. LCC said it has sent letters warning 2,500 patients whose information may have been…
Neiman Marcus to settle long-running data breach litigation for $1.6m?
Law360 reports: Neiman Marcus has agreed to pay $1.6 million to resolve a data breach class action in Illinois federal court over a December 2013 cyber intrusion that revealed the credit card data of 350,000 shoppers of the luxury retailer, according to a court document filed Friday. Read more on Law360 if you have a…