Over on HealthITSecurity.com, Patrick Ouellette notes that American Health Information Management Association’s (AHIMA) recently published a Breach Management Toolkit. The tool requires an AHIMA membership, but the Journal of AHIMA detailed what the tool has to offer providers and a sample of required elements within a data breach notification letter. Patrick reports that the toolkit discusses five critical pieces of…
Category: Health Data
NY: Albany Medical Center nurse charged with stealing patient identities
Tim O’Brien reports: A nurse at Albany Medical Center is accused of stealing the identities of patients for at least a year and possibly as many as four, Sheriff Craig Apple said Wednesday evening. She and her live-in boyfriend then used the information to set up credit card accounts and to print fake bank checks, he said. The nurse was…
Boulder Community Health investigating patient records allegedly acquired from unlocked bins or dumpsters
Alex Burness reports on a situation that should concern patients: At least nine Boulder Community Health patients have had copies of their personal medical records stolen either from inside or nearby the hospital’s Foothills campus, then mailed to them by an anonymous source. It’s the third such breach the hospital has investigated since 2008. In…
Will Unearthing the FTC’s Data Security Standards Help the Health Care Industry?
Elizabeth Litten of Fox Rothschild writes: …. As described in prior posts on this blog, the Federal Trade Commission (FTC) has brought numerous enforcement actions against businesses based on its decision that the businesses’ data security practices were “deceptive” or “unfair” under Section 5 of the FTC Act. When I last checked the FTC’s website, there were 54…
Internet exposure breach results in $4.8 million HIPAA settlements
From HHS, a press release concerning a settlement arising from a breach previously covered on this blog: Two health care organizations have agreed to settle charges that they potentially violated the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy and Security Rules by failing to secure thousands of patients’ electronic protected health information…
ID: Larsen Dental Care notifies patients of stolen hard drive
From their website: Notice of Stolen External Hard Drive Larsen Dental Care is notifying the public of a recent incident which could result in possible exposure of certain types of information. On March 4, 2014, an external hard drive was stolen from an employee’s vehicle. We immediately reported the theft to the police, filed a police report, and…