Although no actual or attempted access or misuse of patient or guarantor information has been discovered, RCM Enterprise Services, Inc. (“RCM”) is providing notice to certain individuals regarding an error in the invoice mailing process that caused individually identifiable information to appear in the clear address “window” on medical invoices. RCM provides patient billing services…
Category: Paper
UK: Information Commissioner’s Office takes enforcement action against pharmacy
From the ICO: The Information Commissioner’s Office (ICO) has fined a London-based pharmacy £275,000 for failing to ensure the security of special category data. Doorstep Dispensaree Ltd, which supplies medicines to customers and care homes, left approximately 500,000 documents in unlocked containers at the back of its premises in Edgware. The documents included names, addresses,…
CRA loses box of ‘sensitive’ taxpayer information in truck accident
CRC News reports: The Canada Revenue Agency lost a bin containing Canadians’ tax information after the truck hired to transport the documents was involved in a highway accident earlier this year. The incident was just one of almost 150 privacy breaches reported to the Office of the Privacy Commissioner in the first six months of 2019,…
Months-Long Privacy Breach Involving Meal Tray Tickets at Zuckerberg SF General Hospital: DPH
Bay City News reports: The San Francisco Department of Public Health announced Tuesday a privacy breach at Zuckerberg San Francisco General Hospital involving patients’ meal tray tickets that were improperly disposed into regular garbage bins. The tickets, which contained patients’ full names, birth month and day, bed/unit location at the hospital, diet information and menu…
How can we screw up incident response? Let me count the ways — Monday UK Edition
This week, DataBreaches.net was reminded yet again of the risks of trying to alert an entity to a breach. This time, it was not me who was threatened or any of the whitehat researchers I know. This week, it was a citizen who found patient records on the street in his town and undertook to…
OCR Secures $2.175 Million HIPAA Settlement after Sentara Hospitals Failed to Properly Notify HHS of a Breach of Unsecured Protected Health Information
OCR has announced another settlement. This one involves Sentara Hospitals, and it’s a somewhat surprising one in the sense that Sentara not only seems to have gotten the fundamentals of HIPAA and notification compliance wrong, but then they seem to have insisted in their wrongheaded ways even after HHS told them what their obligations were. …