In this week’s developments, the FTC has filed its response/opposition to LabMD’s motion for summary decision. In other matters, the administrative law judge has denied LabMD’s motions in limine to exclude two expert witness’s testimony, noting that such exclusion would be premature and consideration of what should be excluded needs to be decided within the…
NY: Albany Medical Center nurse charged with stealing patient identities
Tim O’Brien reports: A nurse at Albany Medical Center is accused of stealing the identities of patients for at least a year and possibly as many as four, Sheriff Craig Apple said Wednesday evening. She and her live-in boyfriend then used the information to set up credit card accounts and to print fake bank checks, he said. The nurse was…
Non-profits Expose Personal Info, Hundreds of Thousands at Risk for Identity Theft
Hal M. Bundrick reports: Your charitable intentions could be exposing you to identity theft. Research conducted by security firm Identity Finder has found hundreds of thousands of examples of exposed personal data contained in the annual tax returns required to be filed by tax exempt organizations. These IRS Form 990s are scanned and open to…
Boulder Community Health investigating patient records allegedly acquired from unlocked bins or dumpsters
Alex Burness reports on a situation that should concern patients: At least nine Boulder Community Health patients have had copies of their personal medical records stolen either from inside or nearby the hospital’s Foothills campus, then mailed to them by an anonymous source. It’s the third such breach the hospital has investigated since 2008. In…
2005 called and they want their reassurances back
Am I the only one who actually feels embarrassed these days to read a breach notification that tries to reassure those notified by emphasizing that the data were password protected? Consider this excerpt from a breach notification written last month: However, the information on the server is password protected. Accordingly, for any unauthorized person to gain…
OCR dismisses Walgreens ‘Well Experience’ HIPAA complaint
Patrick Ouellette reports that OCR has dismissed a complaint filed about Walgreens “Well Experience” program. The complaint was mentioned previously on this blog: The Office for Civil Rights (OCR) has officially completed its investigation into the Walgreens “Well Experience” program and dismissed the complaint filed by the activist group, Change to Win (CtW), after finding…