Michigan’s Attorney General is aware of the Inmediata breach and its incident response cock-up that has been reported on this site. People have been complaining here and some have called the state to complain. Remember that in addition to complaining to your state consumer protection bureau or state insurance department, you can also file a…
Category: Health Data
United Arab Emirates: New law regulating data in the health sector
DLA Piper writes: The United Arab Emirates (UAE) federal government has issued Federal Law No. 2 of 2019 on the Use of Information and Communication Technology (ICT) in Health Fields (“ICT Health Law”). The objectives of this law are to: ensure the optimal use of ICT in health fields; ensure safety and security of health…
Sensitive patient records found on Cork city street
Catherine Shanahan reports: Documents with sensitive patient data identifying children and adults, details of surgical procedures, and reasons for missing appointments have been found on a busy city-centre street in Cork. The highly personalised information relating to patients attending Cork University Hospital (CUH) for plastic surgery was discovered by Luke Field, a Labour Party local…
Hong Kong gov’t dental clinic loses personal information of nearly 400 patients
Holmes Chan reports: A government-run dental clinic has lost an appointment book that contains the personal information of about 383 patients. The Department of Health revealed the incident on Thursday, saying that the Li Po Chun Dental Clinic in Tai Kok Tsui had lost information related to bookings made from January to June 2015. The…
LA: Madison Parish Hospital notifies 1,436 patients whose protected health information was improperly shared
Madison Parish Hospital Service District reported that 1,436 patients were impacted by an incident reported to HHS as Unauthorized Access/Disclosure of PHI located on “Desktop Computer, Email.” A notice on their web site provides some addition information: NOTICE OF PRIVACY BREACH We take patient privacy very seriously, and it is important to us that you…
Breaches Must be Reported No Later Than 60 Days After Discovery. Is HIPAA Unreasonable, Though?
HealthITSecurity dives into an issue that both this site and Protenus have often addressed: the gap between when entities first become aware of a breach or that something likely happened, and the date on which they send notifications to affected patients. In some cases, entities’ disclosures and notifications are more than 60 days after they…