HHS has announced another enforcement action. This one stems from an investigation into a breach noted on this site in May, 2013. Raleigh Orthopaedic Clinic, P.A. of North Carolina (Raleigh Orthopaedic) has agreed to pay $750,000 to settle charges that it potentially violated the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rule…
Category: Subcontractor
Pain Treatment Centers of America notifies 19,397 patients of Bizmatics breach
Ouch. The Pain Treatment Centers of America and Interventional Surgery Institute in Arkansas have been notifying HHS and 19,397 patients about a security incident involving their vendor, Bizmatics. I had reported last month that Bizmatics’ breach impacted at least 30,000 patients of two other clients. PTCOA becomes the third provider we now know about. I’ve emphasized some statements in PTCOA’s notice,…
Denver Archdiocese payroll system breached, 18,000 at risk
So which vendor was responsible for this one? The archdiocese wouldn’t answer that question when I put it to them…. Tom McGhee reports: Authorities are investigating a data breach at the Catholic Archdiocese of Denver that put current and terminated employees, their dependents, spouses, and beneficiaries at risk of ID theft. A third-party software provider…
Fourteen school systems impacted by Innovak Intl breach – IRS
So Innovak International never responded to my inquiries, but an IRS investigator reportedly told others that 14 school systems – three in Alabama and 11 in Mississippi – were impacted by their breach involving employees’ w-2 statements. Innovak’s web site, which never looked particularly confidence-inspiring to me to begin with, has a statement that says: We are currently…
Alabama CVS’ patient information at risk after laptop stolen
Kelly Poe reports: A laptop that contained prescription and patient information on customers of a CVS Pharmacy in Calera has been stolen. CVS learned on March 22 that the password-protected laptop had been stolen from a vendor. The laptop contained information about customers who have had prescriptions filled at the CVS store at 8370 Highway 31…
US jury fines Tata Consultancy Services $940m for healthcare software ‘theft’
Speaking of a contractor’s employees exceeding authorized access, Chidanand Rajghatta reports that a Wisconsin federal jury slapped a $940-million penalty, including $700 million in punitive damages, on Tata Consultancy Services (TCS) for allegedly stealing healthcare software from an American company, Epic Systems. Epic Systems, a US-based electronics medical records vendor, had accused TCS of stealing documents and…