It appears the FTC acted on a complaint I filed with them last year concerning Henry Schein Dental’s use of the word “encryption” in their marketing and their refusal to individually notify customers that the “encryption” provided by Dentrix G5 was not NIST-grade encryption that would give them Safe Harbor under HIPAA. Background on my concerns…
Category: Health Data
Washington Hospital Healthcare System notifies individuals of breach
Washington Township Health Care District (Washington Hospital Healthcare System) recently notified the California Attorney General’s Office of a breach. Their template of their notification letter was uploaded yesterday. The letter, signed by Kristin Ferguson,, Chief of Compliance, explains that the District learned on October 8th that an unauthorized individual may have gained access to a computer associated with…
Bucking Clapper? Massachusetts court holds patients have standing to sue based on mere exposure of data alone
In August, 2014, I noted a report involving a transcription contractor of Boston Medical Center exposing patient information on the Internet. BMC notified approximately 15,000 patients and fired MDF Transcription Services because of the incident. Of note, BMC told patients in a notification letter that it had no reason to believe their information had been misused…
NZ: Patients unaware staff prying in files
Martin Johnston reports: More than 70 upper North Island health workers have been disciplined for snooping into patients’ records in the past three years, and not all of the patients have been told. Most of the nosy staff – 61 – were at the Auckland District Health Board, where more than half of the disciplinary…
Hillsides, a Pasadena child welfare agency, warns of data breach
Brian Day reports on another insider breach involving a HIPAA-covered entity: A Pasadena child welfare agency has warned of a computer security breach that may have exposed the personal information of nearly 1,000 clients and staff members. Hillsides, 940 Avenue 64, announced the data breach Wednesday. It was first discovered Dec. 8, when Hillsides officials…
Few Consequences For Health Privacy Law’s Repeat Offenders
Regulators have logged dozens, even hundreds, of complaints against some health providers for violating federal patient privacy law. Warnings are doled out privately, but sanctions are imposed only rarely. Companies say they take privacy seriously. by Charles Ornstein and Annie Waldman ProPublica, Dec. 29, 2015, 4 a.m. This story was co-published with NPR’s Shots blog. When CVS Health customers complained…