Attorney General William Sorrell filed a complaint and proposed settlement Friday with Health Net, Inc., and Health Net of the Northeast, Inc., regarding the health insurance company’s loss of an unencrypted portable hard drive containing protected health information. The complaint alleges violations of HIPAA (the Health Insurance Portability and Accountability Act), Vermont’s Security Breach Notice Act, and…
Category: Health Data
(follow-up) Junior doctor's stolen laptop: files had been emailed
Following up on the Hull Royal Infirmary and Castle Hill Hospital incident: Dan Raywood quotes a hospital spokesperson who indicates that the doctor had emailed the data to himself. It seems that while the hospital had controls in place to prevent downloading data, its controls to prevent emailing data were not adequate to prevent this…
Ingenix discovers it may have been exposing health service providers’ SSNs for up to 5 years
This is one of those breaches where I really don’t blame the company, which in this case is Minnesota-based Ingenix. Ingenix provides web-based lookups so that patients can find providers in their area covered by their health plan. The provider data Ingenix uses is provided by the health plans or preferred provider plans themselves. Ingenix…
Abbott Medical Optics reports backup tapes with Baylor patients' info stolen
Baylor College of Medicine Department of Ophthalmology has been notified by Abbott Medical Optics that certain backup tapes of information from equipment utilized by the department of Ophthalmology were taken from AMO’s Malpitas, California location. AMO representatives reported that they do not know who took the backup tapes or when they were taken. The information…
(follow-up) Privacy czar orders Ottawa Hospital to tighten rules on personal information
Hugh Adami reports: The Ottawa Hospital has again been ordered by Ontario’s privacy commissioner to examine its rules and practices relating to personal health information, following another electronic breach of a patient’s medical records. Information and Privacy Commissioner Ann Cavoukian says in a report that the hospital failed to comply with certain elements of a…
UK: Trust apologizes for stolen patient information
Yesterday, I included an item about a junior doctor who violated security rules and uploaded patient data to his laptop, which was then stolen from his home. Today’s coverage in the Yorkshire Post indicates that the hospital involved is the Hull Royal Infirmary and Castle Hill Hospital, which is overseen by Hull and East Yorkshire…