As an update to previous coverage on the Henry Ford Health System breach involving a stolen laptop containing unencrypted PHI: 1. The breach affected 3,700 patients according to the hospital’s notification to HHS under the breach notification requirement of HITECH. 2. The hospital posted a notice to its web site on Nov. 19: Henry Ford…
Search Results for: patient
Federal Appeals Court Overturns Vermont Law that Restricted Commercial Use of Physician Information
IMS Health issued the following press release: The U.S. Court of Appeals for the Second Circuit today ruled that a Vermont law restricting the commercial use of information relating to physician prescribing patterns is unconstitutional. Judge John G. Koeltl wrote the majority opinion overturning an April 2009 U.S. District Court decision, concluding the Vermont law…
(update and correction) North Carolina Baptist Hospital/Wake Forest University Baptist Medical Center breach
Back in March, I noted that HHS had added a breach report to their web site from North Carolina Baptist Hospital. At the time, the only information I had was from the HHS log showing that the PHI of 554 individuals was involved in the theft of paper records on February 15 and I did…
House Bill to Limit Scope of Red Flags Rule with Amended "Creditor" Definition
Hunton & Williams have an informative law blog, Privacy and Information Security Law Blog, and if you haven’t already bookmarked, you should. Yesterday they wrote: On November 17, 2010, Representative John Adler (D-NJ) introduced the Red Flag Program Clarification Act of 2010 (H.R. 6420) to “amend the Fair Credit Reporting Act with respect to the…
Liberty Coalition gives University of Hawaii an ‘F’ for data breaches
In a news report headlined, “Data breaches earn UH an ‘F’,” Gordon Y.K. Pang reports: A national organization has given the University of Hawaii a grade of “F” for online security breaches that exposed Social Security numbers and other sensitive information in nearly 260,000 records. The Liberty Coalition, a nonprofit civil liberties watchdog group, yesterday…
VA report to Congress on data incidents in October
The Department of Veterans Affairs October report to Congress on data incidents is available online. Here are some breaches of note contained in the report: A Regional Office (RO) guard at the Veterans Benefits Administration in Tennessee found an unencrypted thumb drive inside the facility doors on October 8. The guard took the drive home…