EqualizeRCM Services is a vendor providing billing and collection services to healthcare providers. In compliance with HIPAA, it has Business Associate contracts with its clients, who provide it with the information needed to fulfill its functions. The firm has headquarters in Austin, Texas, and offices in Houston and Washington, D.C. On February 29, EqualizeRCM learned that a…
Category: Subcontractor
Stanford University continues to investigate breach involving employee W-2 data
There’s been an update to a previously noted breach report out of Stanford University. On April 12, I had reported that compromise of employees’ W-2 data had been linked to the university’s service vendor, W-2 Express, a service of Equifax. The breach did not appear to involve a breach of W-2 Express’s system or of Stanford University’s network. Rather,…
Florida Hospital Medical Group notifies patients after transcription service error
Florida Hospital Medical Group recently notifed HHS of a breach affecting 1,906 patients. Although the breach reportedly involved a transcription service, the entry on HHS’s public breach tool does not indicate any business associate was involved. In digging into this report, I found that the Orlando Sentinel had reported the incident on April 8: If you’re…
Settlement reached in lawsuit after laptop stolen from Edmonton Medicentre
Bill Mah reports that a lawsuit filed after a 2013 Medicentres breach has settled. The incident involved a laptop with information on 620,000 Albertans being stolen from the clinic. The laptop belonged to an employee of their IT consultant, AbleIT Inc. The Privacy Commissioner would later rule that the clinic had failed to adequately protect their…
Another Greenshades client discloses breach of employee info
Add University of the Southwest to your list of those notifying current and former employees that their W-2 or payroll information was accessed without authorization from their vendor, Greenshades. But don’t jump to conclude that the fault is with Greenshades, because the tax filing vendor says the problem is not with them. Following up on previous breach…
dōTERRA letter informs customers of possible data breach
McKenzie Romero reports: A letter sent to customers and distributors from doTERRA, the Utah-based essential oil company, is warning that an apparent data breach last month may have compromised their personal information. A letter dated April 18 explains that a breach of doTERRA’s third-party data hosting and software service provider may have accessed the names,…