DataBreaches.Net

On August 7, Central Utah Clinic, P.C. posted a breach notification on their web site: PUBLIC NOTICE: Potential Central Utah Clinic HIPAA Breach PROVO, Utah. (Aug. 7, 2014) — Central Utah Clinic is committed to the protection of patient privacy and is notifying 31,677 patients, by letter, of a potential personal health information breach. On…

As I noted on August 28, the FTC had responded (pdf) to LabMD’s motion for sanctions (pdf) in FTC v. LabMD. On September 5, Administrative Law Judge Chappell denied LabMD’s motion. After summarizing the allegations and the FTC’s response, Judge Chappell writes: To support its Motion, Respondent asserts as fact numerous matters that are disputed by Complaint Counsel….

Tom Sullivan writes: When the Office for Civil Rights knocks on your door, asking about HIPAA compliance, it pays to be ready. And OCR is looking to audit providers ranging from large to small, and across a wide geographical distribution. That’s according to OCR’s senior advisor for health information privacy Linda Sanches. Speaking at the HIMSS Media…

Disclosing breaches shouldn’t be optional – regardless of whether we’re talking about the U.S., Canada, or the EU. Ellen Roseman writes: Do you have a right to be notified if your confidential data is exposed to others online? Only Alberta has mandatory security breach reporting. The federal government and some provinces are trying to change…

I’ve noted this breach before, but it’s interesting that the privacy commissioner has ordered the hospitals to post notices on their web sites. Lisa Queen reports: Humber River Hospital and North York General Hospital were required by the provincial privacy commissioner to post notices on their websites advising maternity patients that their personal information may…