The University of Alberta Hospital is reporting that a burglary occurred earlier this month resulting in two laptops containing patient information being stolen. Alberta Health Services said the theft happened on June 4th, in the hospital’s Provincial Lab Information Technology room. Two laptops with health information of more than 300,000 people were stolen. Information on…
Category: Health Data
FTC Approves Consent Order in CVS Case
Following a public comment period, the Commission has approved a final consent order in the CVS Caremark case involving failure to adequately secure customers’ medical and financial data. Prior coverage of the case can be found here. Additional documents on the case can be found here. According to the complaint, CVS Caremark did not implement…
MN: Posting online can be invasion of privacy, Appeals Court rules
In a case that seems like deja vu all over again, the Minnesota Court of Appeals held that posting someone else’s embarrassing personal information on the Internet can be a legal invasion of privacy, regardless of how many people view the site. In this case, the personal information concerned a woman’s sexually transmitted disease that…
SVI police investigate leaked photo of deceased crash victim
Ghouls – and unprofessional ones at that. St Thomas/St John/Water Island Chief of Police Rodney Querrard released the following message to the USVI public on Tuesday in hopes of finding out who took a CELL phone picture of a deceased auto accident victim, then forwarded it. “It has come to my attention that a confidentiality…
AL: Medical records discovered in garbage truck, landfill
Hundreds of medical files with personal and medical details were found in and around a garbage truck at a landfill in Montgomery, Alabama. The records were marked, “Radiology Department, Baptist Medical Center.” Baptist Health uses a third party for some of its record disposal, and a spokesperson said that they are investigating the matter. Source:…
PCI-DSS: Not on health care provider's radar
Health care providers are certainly no stranger to data privacy and security standards related to protected health information (PHI). Although these providers and their respective organizations are well versed in rules, policies and requirements of HIPAA, few are aware that the PCI-DSS rules apply to their businesses and even fewer are compliant. When HIPAA compliancy…