Back in September, PHIprivacy.net noted: 9News reports that Madison Street Provider Network, Inc., dba Omni Eye Specialists, Spivack Vision Center, Madison Street Surgery Center, Madison Street Anesthesia, and Madison Street Company Nurse Practitioner said they were a target of a data breach and will be notifying patients. Stay tuned, as there’s no notification on any web site(s) yet. The incident has now been added…
Category: Uncategorized
NYU Urology Associates notifies patients whose information was sent to a patient in March.
An incident recently added to HHS’s public breach tool involves NYU Urology Associates. According to the log entry, 835 patients were affected by a breach that occurred on February 19, 2014. I was able to locate a statement on NYU’s website about the incident: NYU LANGONE MEDICAL CENTER NOTIFIES PATIENTS OF DATA BREACH October 10,…
For NYC Health & Hospitals Corporation, 2011 wasn't a great year for data security, Part 2
In the process of investigating a previously-unknown 2011 breach involving NYC Health & Hospitals Corporation (HHC), I discovered that they had a third breach in 2011 that was also only recently discovered and disclosed. This third incident is not in HHS’s public database and won’t be, because it involves less than 500 patients. A statement…
For NYC Health & Hospitals Corporation, 2011 wasn't a great year for data security, Part 1
It seems that 2011 was not exactly a stellar year for the NYC Health & Hospitals Corporation (“HHC”) for data security. The first HHC incident was the 2011 breach involving the theft of backup tapes with information on 1.7 million patients. HHC did not incur any monetary penalties for that breach. The second incident, not…
Terminated employee continued to access Bon Secours' patients' billing information
When an employee is terminated, their login credentials to vendors’ databases with PHI must also be terminated. How often do you verify that it is actually being terminated properly? Bon Secours Kentucky notified 697 patients that a former employee had improperly accessed their information from a billing database maintained by Athena. In a statement uploaded to…
UK: So much medical info…. and tied to your NHS number? Oh my….
If you’re in the U.K., you really should read this post from medConfidential. Here’s an excerpt from it: As NHS England begins to ramp up again towards the ‘pathfinder’ stage (see our last newsletter) the new narrative seems to be that the data to be extracted from your GP record is only “codes”. Quite aside…