Category: Health Data

By now, you’d think that e-mail errors exposing people’s name in the To: or CC: fields would be a thing of the past.   Apparently, they’re not: Dave Savini reports that the Northstar Healthcare clinic in Chicago specializes in treating people with HIV or AIDS.  In July, they sent an e-mail with more than 170 patients’…

In response to yesterday’s announcement that Massachusetts Eye and Ear would pay a $1.5 million fine and enter into a corrective action plan, MEE issued the following statement: “The review of Mass. Eye and Ear by the U.S. Department of Health and Human Services (HHS) was triggered by the hospital’s proactive self-reporting of a doctor’s…

Just because you don’t remove the laptop from the office, don’t kid yourself that it’s secure.  We’ve seen a number of incidents where laptops have been stolen from offices where the failure to encrypt the laptops resulted in breach notice costs for the entities.  The latest entity to incur breach costs due to failure to…

Massachusetts Eye and Ear Infirmary and Massachusetts Eye and Ear Associates Inc. (collectively referred to as “MEEI”) has agreed to pay the U.S. Department of Health and Human Services (HHS) $1.5 million to settle potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security Rule.  MEEI also agreed to take corrective…

Speaking of the risk of mobile devices… Lahey Clinic reports that on July 1, a physician lost a Blackberry (or it was stolen) at an airport in France. On it were patients’ names, dates of birth, Lahey medical record numbers, diagnosis, and procedure names/test results. The clinic did a remote wipe of all of the…

Yet another insider breach – this one at New Jersey-based Quest Diagnostics. On August 17, Quest notified the New Hampshire Attorney General’s Office that in late July, it became aware that an employee had forwarded certain e-mails to their home personal account. Included in the e-mails were patients’ names, addresses, dates of birth, Social Security…