HHS’s public breach tool continues to provide evidence of breaches involving patient information, but unfortunately, we often don’t know the details. The following incidents were recorded on their breach tool, but I have been unable to find any public notices (substitute notices or press releases) or web site notifications. Indeed, some of the practitioners listed…
Category: Uncategorized
Security lapse by Diamond Computing exposed Diatherix patients' information on the Internet for 22 months
Diatherix Laboratories in Alabama posted this notice on their site about a breach involving Diamond Computing Company: On August 7, 2014, the Compliance Officer of Diatherix Laboratories, Inc. notified 7,016 individuals across the United States that their protected health information (PHI) may have been accessed in connection with a security lapse. Background Information Diatherix provides clinical laboratory testing…
Central Utah Clinic reports server containing 31,677 patients' information was breached in 2012
On August 7, Central Utah Clinic, P.C. posted a breach notification on their web site: PUBLIC NOTICE: Potential Central Utah Clinic HIPAA Breach PROVO, Utah. (Aug. 7, 2014) — Central Utah Clinic is committed to the protection of patient privacy and is notifying 31,677 patients, by letter, of a potential personal health information breach. On…
Administrative law judge denies LabMD's motion to sanction FTC
As I noted on August 28, the FTC had responded (pdf) to LabMD’s motion for sanctions (pdf) in FTC v. LabMD. On September 5, Administrative Law Judge Chappell denied LabMD’s motion. After summarizing the allegations and the FTC’s response, Judge Chappell writes: To support its Motion, Respondent asserts as fact numerous matters that are disputed by Complaint Counsel….
OCR: Be prepared for HIPAA audits
Tom Sullivan writes: When the Office for Civil Rights knocks on your door, asking about HIPAA compliance, it pays to be ready. And OCR is looking to audit providers ranging from large to small, and across a wide geographical distribution. That’s according to OCR’s senior advisor for health information privacy Linda Sanches. Speaking at the HIMSS Media…
Ca: Tip leads to notification of security lapse
Disclosing breaches shouldn’t be optional – regardless of whether we’re talking about the U.S., Canada, or the EU. Ellen Roseman writes: Do you have a right to be notified if your confidential data is exposed to others online? Only Alberta has mandatory security breach reporting. The federal government and some provinces are trying to change…