Press release from the Kentucky (state) Cabinet for Health and Family Services: The Cabinet for Health and Family Services is informing approximately 2,500 clients by letter of a possible employee e-mail account breach that may have resulted in the unintentional release of information held by the Cabinet’s Department for Community Based Services (DCBS). In July,…
Category: Health Data
Northstar Healthcare exposes patients' e-mail addresses in e-mail blunder
By now, you’d think that e-mail errors exposing people’s name in the To: or CC: fields would be a thing of the past. Apparently, they’re not: Dave Savini reports that the Northstar Healthcare clinic in Chicago specializes in treating people with HIV or AIDS. In July, they sent an e-mail with more than 170 patients’…
Massachusetts Eye and Ear responds to $1.5 million fine
In response to yesterday’s announcement that Massachusetts Eye and Ear would pay a $1.5 million fine and enter into a corrective action plan, MEE issued the following statement: “The review of Mass. Eye and Ear by the U.S. Department of Health and Human Services (HHS) was triggered by the hospital’s proactive self-reporting of a doctor’s…
Bakersfield medical group notifies patients and providers of stolen laptop
Just because you don’t remove the laptop from the office, don’t kid yourself that it’s secure. We’ve seen a number of incidents where laptops have been stolen from offices where the failure to encrypt the laptops resulted in breach notice costs for the entities. The latest entity to incur breach costs due to failure to…
Massachusetts provider settles HIPAA case for $1.5 million
Massachusetts Eye and Ear Infirmary and Massachusetts Eye and Ear Associates Inc. (collectively referred to as “MEEI”) has agreed to pay the U.S. Department of Health and Human Services (HHS) $1.5 million to settle potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security Rule. MEEI also agreed to take corrective…
Lahey Clinic breach: how seriously are some entities taking privacy and security?
Speaking of the risk of mobile devices… Lahey Clinic reports that on July 1, a physician lost a Blackberry (or it was stolen) at an airport in France. On it were patients’ names, dates of birth, Lahey medical record numbers, diagnosis, and procedure names/test results. The clinic did a remote wipe of all of the…