Michael Kline writes: A party (Party) to a HIPAA Business Associate Agreement (BAA) or Subcontractor Agreement (SCA), whether a covered entity (CE), business associate (BA) or subcontractor (SC), may struggle with the question as to whether to agree to, demand, request, submit to, negotiate or permit, an indemnification provision (Provision) respecting the counterparty (Counterparty) under…
PayJunction notifies sales agents of breach
PayJunction is notifying sales agents that their names, Social Security numbers, and bank account numbers may have been compromised by unauthorized access to a backup of an internal business system. In a letter sent to those affected, Randy Modos, President of PayJunction, writes that they learned in late September of the July breach. The letter…
Petrochem notifies employees of stolen laptop containing their Social Security numbers
Vallejo-based Petrochem is notifying employees that a laptop with their personal information was stolen from a fellow employee’s car on July 18: On the evening of July 18, 2013, an unknown person broke into the locked car of a Petrochem employee and took a laptop computer, various documents and other items. Stored on the stolen laptop…
HHS's breach reporting: has it lived up to its promises and mandates – Sound off!
I’ve occasionally (*cough*) expressed my frustration with HHS’s breach tool and the fact that breaches do not get added to the tool immediately, their fields are confusing and they don’t provide the narrative from the breached entity that might better describe or explain the breach, and you can’t get the breach reports until HHS has…
UnityPoint Health notifies 1,800 patients after contractor's employee inappropriately accessed electronic medical records
Business Record reports: Law enforcement personnel are investigating a data breach of West Des Moines-based UnityPoint Health‘s electronic medical records (EMR) system. Personal information of approximately 1,800 hospital patients from across UnityPoint Health’s operating regions may be at risk from the security breach in the system, which was discovered Aug. 8 during the course of…
Statement from St. Mary's Janesville Hospital
St. Mary’s Janesville Hospital in Wisconsin, a member of SSM Health Care, posted this statement on their web site today: On August 27, 2013, we received a report that an SSM Health Care laptop was stolen from an employee’s car during a break-in. We are sincerely sorry this happened and want to provide pertinent information…