First, the notice from Allina Health in Minnesota: This notice concerns a privacy situation that occurred at the Allina Health Isles Clinic, located at 2800 Hennepin Avenue, Minneapolis, MN 55408. On October 27, 2015, Allina Health discovered that in limited circumstances, containers which may have had documents with patient information were being emptied into a…
Category: Health Data
Dumont hospital employees shocked Dr. Fernando Rojas returning to work
CBC News reports an update to a breach noted previously on this site. Many staff members at the Georges Dumont Hospital in Moncton do not welcome Dr. Fernando Rojas’ return to work. Rojas has not been working at the Georges Dumont since March 2014. The radiation oncologist looked at 141 female patient medical records without authorization…
Can a Business Associate be Liable for a HIPAA Breach When Its Client Isn’t a Covered Entity?
Yesterday morning, some of were following up on a ProPublica report about a New Jersey clinic who, when suing patients for overdue accounts, included their diagnostic codes in materials sent to their collection agency. Those records – containing the patients’ names, diagnostic codes, and treatment codes – became part of public court records. There were some…
NY dermatologist notifies patients after email error exposes PHI
Add Mary Ruth Buchness, M.D. to the list of medical practices that have reported a breach in 2015. On December 12, she submitted a copy of her notification letter to patients to the Vermont Attorney General’s Office. A copy of the notice is also prominently linked from her web site. Dr. Buchness writes, in part:…
Florida Agency For Healthcare Administration records with PHI sent to landfill by mistake
From Florida’s Agency for Health Care Administration, Dec. 21: HIPAA Notice of Improper Disposal of Protected Health Information. The Agency for Health Care Administration has determined that certain inspection records which may contain protected health information were improperly disposed of on November 12, 2015. On November 13, 2015, the Agency discovered that old inspection records of…
UK: Croydon Health Services NHS Trust gets wrist slapped by ICO over breach
From the Information Commissioner’s Office: An undertaking to comply with the seventh data protection principle has been signed by Croydon Health Services NHS Trust. This follows an incident where correspondence giving the outcome of a patient complaint had been misaddressed resulting in sensitive personal data being sent to an unintended recipient. On investigation the ICO…