[Update: The Irving incident affected 2,308 and the McKinney incident affected 1,253. Baylor Health declined to discuss their internal security policies, so we do not know if the doctors were violating any policy by having unencrypted PHI in their email accounts or if Baylor Health permits this.] Original article: After posting the two phishing reports from Baylor…
Category: Health Data
AHIMA offers data breach toolkit to healthcare providers and suits their action to their advice
Over on HealthITSecurity.com, Patrick Ouellette notes that the American Health Information Management Association (AHIMA) recently published a Breach Management Toolkit. The tool requires an AHIMA membership, but the Journal of AHIMA detailed what the tool has to offer providers and a sample of required elements within a data breach notification letter. Patrick reports that the toolkit discusses five critical pieces of…
NY: Albany Medical Center nurse charged with stealing patient identities
Tim O’Brien reports: A nurse at Albany Medical Center is accused of stealing the identities of patients for at least a year and possibly as many as four, Sheriff Craig Apple said Wednesday evening. She and her live-in boyfriend then used the information to set up credit card accounts and to print fake bank checks, he said. The nurse was…
Boulder Community Health investigating patient records allegedly acquired from unlocked bins or dumpsters
Alex Burness reports on a situation that should concern patients: At least nine Boulder Community Health patients have had copies of their personal medical records stolen either from inside or nearby the hospital’s Foothills campus, then mailed to them by an anonymous source. It’s the third such breach the hospital has investigated since 2008. In…
Will Unearthing the FTC’s Data Security Standards Help the Health Care Industry?
Elizabeth Litten of Fox Rothschild writes: …. As described in prior posts on this blog, the Federal Trade Commission (FTC) has brought numerous enforcement actions against businesses based on its decision that the businesses’ data security practices were “deceptive” or “unfair” under Section 5 of the FTC Act. When I last checked the FTC’s website, there were 54…
Internet exposure breach results in $4.8 million HIPAA settlements
From HHS, a press release concerning a settlement arising from a breach previously covered on this blog: Two health care organizations have agreed to settle charges that they potentially violated the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy and Security Rules by failing to secure thousands of patients’ electronic protected health information…