HealthITSecurity dives into an issue that both this site and Protenus have often addressed: the gap between when entities first become aware of a breach or that something likely happened, and the date on which they send notifications to affected patients. In some cases, entities’ disclosures and notifications are more than 60 days after they…
Category: Health Data
NZ: Privacy breach: More than 100 Hauora Tairāwhiti patient files in Gisborne missing
Ben Leahy reports: A Gisborne physiotherapist who lost more than 100 patient files from her practice has been found guilty of misconduct due to the risk to her patients’ privacy. Jane Moore committed the privacy breaches from 2012 to 2015 while working as a physiotherapist for Hauora Tairāwhiti district health board, according to a recent…
AZ: Is a Desert Valley Dental breach ongoing? And did OCR order them to notify patients?
So this is something that I don’t recall ever seeing before as part of an initial breach disclosure. CBS5 reports: A Phoenix dental office has an ongoing breach of protected health information, Arizona’s Family learned Monday. The U.S. Department of Health and Human Services Office of Civil Rights ordered Desert Valley Dental to inform the…
In the process of notifying patients of a web exposure breach, Inmediata experiences a mail exposure breach?!
Reading the comments under the Inmediata press release is like watching a train wreck happen right in front of you. Many people are reporting that they have received multiple notification letters from Inmediata — many with the names of people who are unknown to them and who do not live at their address. One person…
Email breach exposes hospice patients
The Bulletin reports: An employee at Bend-based hospice Partners in Care was the victim of an email phishing attack that exposed the private health information of some patients. Partners In Care discovered the attack on March 4 and did an “extensive” forensic investigation and manual email review, according to a press release. The unidentified employee’s…
MS: Lauderdale County employees’ sensitive information exposed
Whitney Downard reports: More than 100 Lauderdale County employees had their sensitive information shared via email to other employees covered by the county’s healthcare plan in an accidental exposure Tuesday. Personal information in the email included names, social security numbers and phone numbers. Chris Lafferty, the county administrator, inadvertently shared the information in a county-wide email sharing health…