An incident recently added to HHS’s public breach tool involves NYU Urology Associates. According to the log entry, 835 patients were affected by a breach that occurred on February 19, 2014. I was able to locate a statement on NYU’s website about the incident: NYU LANGONE MEDICAL CENTER NOTIFIES PATIENTS OF DATA BREACH October 10,…
Category: Uncategorized
For NYC Health & Hospitals Corporation, 2011 wasn't a great year for data security, Part 2
In the process of investigating a previously-unknown 2011 breach involving NYC Health & Hospitals Corporation (HHC), I discovered that they had a third breach in 2011 that was also only recently discovered and disclosed. This third incident is not in HHS’s public database and won’t be, because it involves less than 500 patients. A statement…
For NYC Health & Hospitals Corporation, 2011 wasn't a great year for data security, Part 1
It seems that 2011 was not exactly a stellar year for the NYC Health & Hospitals Corporation (“HHC”) for data security. The first HHC incident was the 2011 breach involving the theft of backup tapes with information on 1.7 million patients. HHC did not incur any monetary penalties for that breach. The second incident, not…
Terminated employee continued to access Bon Secours' patients' billing information
When an employee is terminated, their login credentials to vendors’ databases with PHI must also be terminated. How often do you verify that it is actually being terminated properly? Bon Secours Kentucky notified 697 patients that a former employee had improperly accessed their information from a billing database maintained by Athena. In a statement uploaded to…
UK: So much medical info…. and tied to your NHS number? Oh my….
If you’re in the U.K., you really should read this post from medConfidential. Here’s an excerpt from it: As NHS England begins to ramp up again towards the ‘pathfinder’ stage (see our last newsletter) the new narrative seems to be that the data to be extracted from your GP record is only “codes”. Quite aside…
HHS BULLETIN: HIPAA Privacy in Emergency Situations
HHS has released a new bulletin today, HIPAA Privacy in Emergency Situations, that covers sharing and safeguarding patient information. The bulletin was inspired by recent confusion concerning the disclosure of information concerning patients treated for, or suspected of having, Ebola. You can download the bulletin on HHS’s site, here (pdf). I