A laptop stolen from a Pathways Professional Counseling employee’s vehicle in September contained unencrypted personal, clinical, financial, and insurance information. Alabama Baptist Children’s Homes & Family Ministries, d/b/a Pathways Professional Counseling (PPC) appears to be a hybrid entity under HIPAA. PPC has numerous locations throughout Alabama and describes itself as a non-profit counseling ministry. Here is the…
Category: Theft
Lahey Clinic Hospital settles OCR charges stemming from theft of laptop used with CT scanner
Hot off the presses: there’s been another settlement announced by OCR. This one involves Lahey Hospital and Medical Center (Lahey Clinic Hospital), who have agreed to pay $850,000 and to adopt a robust corrective action plan to correct deficiencies in its HIPAA compliance program. Lahey is a nonprofit teaching hospital affiliated with Tufts Medical School, providing primary…
Follow-up: Boston Baskin Cancer improved data security safeguards following breach
Remember the Boston Baskin Cancer Foundation breach involving the theft of a hard drive from an employee’s home? The breach affected almost 57,000 patients and employees. Here’s the summary of OCR’s investigation into the incident: On December 2, 2014, a Boston Baskin Cancer Foundation employee’s laptop computer and external hard drive were stolen. The external hard…
Follow-Up: Company involved in NSUH-LIJ breach folded
In June, this site covered a breach affecting approximately 18,000 patients of North Shore-Long Island Jewish Health System. Unencrypted patient data, including SSN and clinical information, had been on five laptops stolen from Global Care Delivery, a Texas-based firm that contracted with North Shore-LIJ to process and collect payments owed by insurers to the hospital system. At the…
MA: Theft of two registrar’s laptops put Brandeis University students’ data at risk (Updated)
Abby Patkin reports: Two Apple laptops containing academic and personal information for all students enrolled or taking a course at the University from the summer of 2012 to the present were stolen from the University Registrar, according to a Nov. 12 email sent by Marianne Cwalina, the senior vice president for finance and treasurer. The…
CT AG Jepsen, Hartford Hospital, Contractor Reach Agreement Resolving Investigation into Breach of Unencrypted Patient Information
There’s an update to a breach that I previously noted in 2012, and it reinforces the importance of your business associate contracts and the importance of monitoring them if you’re a HIPAA-covered entity: Hartford Hospital and the EMC Corporation will pay $90,000 and have agreed to institute additional training and control measures to resolve an…