Alex Burness reports on a situation that should concern patients: At least nine Boulder Community Health patients have had copies of their personal medical records stolen either from inside or nearby the hospital’s Foothills campus, then mailed to them by an anonymous source. It’s the third such breach the hospital has investigated since 2008. In…
2005 called and they want their reassurances back
Am I the only one who actually feels embarrassed these days to read a breach notification that tries to reassure those notified by emphasizing that the data were password protected? Consider this excerpt from a breach notification written last month: However, the information on the server is password protected. Accordingly, for any unauthorized person to gain…
OCR dismisses Walgreens ‘Well Experience’ HIPAA complaint
Patrick Ouellette reports that OCR has dismissed a complaint filed about Walgreens “Well Experience” program. The complaint was mentioned previously on this blog: The Office for Civil Rights (OCR) has officially completed its investigation into the Walgreens “Well Experience” program and dismissed the complaint filed by the activist group, Change to Win (CtW), after finding…
Will Unearthing the FTC’s Data Security Standards Help the Health Care Industry?
Elizabeth Litten of Fox Rothschild writes: …. As described in prior posts on this blog, the Federal Trade Commission (FTC) has brought numerous enforcement actions against businesses based on its decision that the businesses’ data security practices were “deceptive” or “unfair” under Section 5 of the FTC Act. When I last checked the FTC’s website, there were 54…
Prêt a Manger worker gets up to four years in prison for stealing more than 100 customers
A follow-up to an insider skimming breach noted here in August 2013. Shayna Jacobs reports: A former Chelsea Prêt a Manger employee who was behind the identity theft of over 100 of the eatery’s customers was sentenced to up to four years in prison Wednesday. Nigel McCollum, 23, previously pleaded guilty to identity theft, forgery,…
Internet exposure breach results in $4.8 million HIPAA settlements
From HHS, a press release concerning a settlement arising from a breach previously covered on this blog: Two health care organizations have agreed to settle charges that they potentially violated the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy and Security Rules by failing to secure thousands of patients’ electronic protected health information…