When the CEO of Prime Healthcare and Shasta Regional Medical Center disclosed patient records in trying to defend themselves against a media report, I immediately noted that without the patient’s consent, they could not do that. Despite what was so obvious to most of us, they defended their disclosure, claiming that the patient had waived…
Category: Health Data
Ca: Info on 25,000 patients lost in Montfort Hospital security lapse
Chris Cobb reports: Montfort Hospital officials were scrambling on Friday to reassure thousands of patients that an unsecured USB data key lost by a hospital employee did not contain intimate details of their health issues. Information on the USB key, downloaded from a Montfort computer in contravention of hospital rules, contained information on more than…
At long last, HHS unveils Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules
From their press release: The U.S. Department of Health and Human Services (HHS) moved forward today to strengthen the privacy and security protections for health information established under the Health Insurance Portability and Accountability Act of 1996 (HIPAA). The final omnibus rule greatly enhances a patient’s privacy protections, provides individuals new rights to their health…
St. Mark's Medical Center notifies patients after finding malware on system
St. Mark’s Medical Center in LaGrange, Texas notified 2,988 patients of a breach. From their notice of December 31, 2012: On November 15, 2012, we learned that on May 21, 2012, one of our employee’s computers had become infected with malware that appears to have been designed to look for personal information stored on the computer….
Dedicated server hosting three medical practices hacked; some patient information exfiltrated to Gmail account
Several medical groups in Massachusetts were notified by their hosting service, Clearpoint Design, Inc., that a dedicated server on Hosting.com was hacked on October 18, 2012. The practices affected were South Shore Medical Center, who notified 4,100 patients, Harbor Medical Associates, P.C., who notified 4,343 patients, and Child & Family Psychological Services, Inc., who notified 7,250 patients….
Central London Community Healthcare NHS Trust's appeal of ICO's breach penalty dismissed
Back in May, I noted that the Information Commissioner’s Office in the U.K. had issued a fine of £90,000 to Central London Community Healthcare NHS Trust after the trust had misdirected faxes containing sensitive information on 45 occasions during the previous year. The trust immediately announced it planned to appeal. Today, Robin Hopkins of Panopticon reports that the…