Critical Care, Pulmonary & Sleep Associates in Colorado has notified 23,377 patients of a privacy incident. Their on-site notice offers a useful reminder that while bad actors may be seeking to engage in financial theft or fraud, when files with ePHI are connected to employee email accounts, patients and HHS may wind up needing to be…
Category: Health Data
Ca: REPORT: Significant privacy breach at Belleville General Hospital
David Foot reports: According to newspaper reports, there’s been a privacy breach at Belleville General Hospital, in what Quinte Health Care officials are calling an isolated incident. The Belleville Intelligencer report says a nurse was fired over the incident for accessing “hundreds of patient records” and that, while QHC staff are trying to nail down…
Alaska notifying at least 500,000 residents about data security breach previously disclosed in June
Update: The state subsequently revised its estimate to 87,000 letters. How did it get the numbers so wrong — apart from the question of why it has taken so long to send out notifications. This does NOT inspire confidence in the state’s ability to protect ePHI and to notify people promptly in the event…
Privacy breach hits 45,000 recipients of Ontario’s disability support program
Kristin Rushowy reports: Ontario’s social services minister has apologized after the Mississauga disability support program office mistakenly emailed the private information of 45,000 people to 100 recipients. “On December 20th, due to a clerical error, the Mississauga ODSP office unintentionally shared some individuals’ information over email,” said Lisa MacLeod in a statement. [..] The December…
Valley Hope Association notifies patients after employee email hack
Note: VHA’s notice on their web site emphasizes that no diagnostic or treatment information was exposed. Given the nature of this provider, that will be a relief to many patients. Because this incident is not yet posted on HHS’s public breach tool, we do not yet have the number being notified. The following is VHA’s…
PHI of 1,002 Lebanon VA Medical Center Patients Exposed in Email Error
HIPAA Journal reports: Lebanon VA Medical Center in Pennsylvania has discovered the protected health information of hundreds of elderly patients has been impermissibly disclosed to a family member of a veteran. In November 2018, a member of staff at Lebanon VA Medical Center emailed a document to a family member of a veteran who was…