From their press release: The Oregon Clinic announced today that a data security incident may have affected protected health information (PHI) within an email account. On March 9, 2018, The Oregon Clinic learned that an unauthorized third party accessed an email account. The Oregon Clinic immediately disabled the unauthorized access to the account and began…
Category: Health Data
Protection of Patient Health Information at Navy and Air Force Military Treatment Facilities
Audit: DODIG-2018-109 (pdf) From the audit’s findings: Officials from the DHA, Navy, and Air Force did not consistently implement security protocols to protect systems that stored, processed, and transmitted EHRs and PHI at the locations tested. Specifically, we identified issues at the Naval Hospital Camp Pendleton; San Diego Naval Medical Center; USNS Mercy; 436th Medical…
HIV Patient’s Records Leaked, UAMS Fires 3
KARK reports: University of Arkansas Medical Sciences fired three employees over sharing an HIV patient’s private medical information. The records included the patient’s name, age, surgical history, HIV status and employment information. The hospital says the employees were fired after being accused of violating their HIPAA oath. “We took action right away,” said Vice Chancellor…
FastHealth breach still first being disclosed to some clients’ patients
Ugh. The FastHealth breach is still dripping out with yet more people first being notified. This time, it’s Cullman Regional. There’s no provision in HITECH (at least as far as I know) that would require a business associate to make one public disclosure of how many patients, total, have to be notified about an incident….
WI: Class action lawsuit filed against UnityPoint over data breach disclosed in April
Ed Treleven reports: UnityPoint Health, which operates Meriter Hospital in Madison, delayed reporting a data breach and falsely told patients that information stolen during the breach did not include their Social Security numbers, according to a federal class-action lawsuit filed Friday. The lawsuit, filed in U.S. District Court in Madison, concerns a reported data breach…
Capital Digestive Care patient data exposed by vendor error
Sometimes by the time a notification appears on a state breach notification site, I’ve forgotten whether I ever reported it or not. Case in point: Capital Digestive Care in Maryland. I knew about it on February 22, and helped make the notification to them to get them to investigate it (it turned out to be…