This is a follow-up to the incident previously reported here. The Information Commissioner’s Office (ICO) has found Salford Royal NHS Foundation Trust in breach of the Data Protection Act after the Trust reported a desktop computer containing sensitive personal information relating to around 3,500 patients was stolen. Although the computer was password protected, it was…
Category: Health Data
OIS Commentary: And some walls will come tumbling down
One of yesterday’s posts on PHIprivacy.net reports a data breach involving Kelsey-Seybold Clinic that has not been reported in the mainstream media. I contacted Kelsey-Seybold after a site visitor alerted me to the breach. The report is frustratingly short on details, though, because Kelsey-Seybold could — and did — simply ignore questions it did not…
Key West Rehab Center Cited for HIPAA Violation
The U.S. Department of Health and Human Services (HHS) determined that the program director at DePoo Chemical Dependency Facility in Key West, Fla., violated HIPAA, according to a story posted on Keynoter.com. DePoo is a 49-bed unit operated by Lower Keys Medical Center (LKMC). According to findings by HHS based on an anonymous complaint, the…
Follow-up: No charges will be filed for improper disposal of medical records
The Catoosa County News provides a follow-up on a case I had reported here: The family member of the doctor whose sensitive medical records were found in a dumpster in Hixon, Tenn., two weeks ago will not be charged with any crime. According to Jerri Weary, public information officer with the Chattanooga Police Department: The…
OIS Commentary: Is this really necessary?
Capstone Dental Center, PC (dba Arnerident Dental Associates) recently notified (pdf) the New Hampshire Attorney General’s Office that an email address for one doctor was typed incorrectly. As a result, attachments containing unencrypted dental information and the Social Security number of one patient were sent to the email address of a dairy farmer located in…
CDT Comments on FTC Health Data Breach Notification Rulemaking
From CDT.org: CDT, together with the Markle Foundation and others, filed comments with the Federal Trade Commission (FTC) regarding new requirements on how to notify patients when unsecured personal health record (PHR) data has been breached. In the comments, CDT called on FTC to work with the Department of Health and Human Services to ensure…