Antony Savvas reports: The Information Commissioner’s Office (ICO) says many employers “appear to have a laissez faire attitude” to allowing staff to use their personal devices for business, which may be placing people’s personal information at risk. ICO commissioned YouGov to question 2,150 UK adults, which found that almost half (47 percent) now use their…
Bank of America Gets A Burn Notice
Krypt3ia analyzes the BofA leak, which I had mentioned on this blog, here. Here’s a snippet from his post: One of the problems I have with the Paranoia analysis is that they take it to the conspiratorial level and make it out to be some pseudo CIA like entity. The reality though is that from…
RQRHA did not adequately protect health information
Pamela Cowan reports: The Regina Qu’Appelle Regional Health Authority (RQRHA) failed to follow provisions of the Health Information Protection Act (HIPA) in a 2010 privacy breach, according to Saskatchewan’s Information and Privacy Commissioner. Gary Dickson’s office began an investigation into the Regina breach after 15 addressograph cards – blue cards attached to patients’ charts when…
$250,000 penalty issued to Lucile Packard Children's Hospital was an error – CDPH
A breach at Lucile Salter Packard Children’s Hospital in 2010 generated a number of posts on this blog – especially after the hospital was reportedly fined $250,000 by California for a delay in notifying patients of the breach. I recently reported that the hospital had settled its appeal with the state and did not have…
VA routinely transmitted sensitive information over unencrypted network – OIG. No, we didn't – OIT.
A report released yesterday by the Office of the Inspector General (OIG) for the Department of Veterans Affairs indicates that they substantiated allegations that the VA was routinely transmitting sensitive information, including PII, PHI, and internal network routing information, over an unencrypted telecom carrier network. The Office of Information and Technology (OIT) disputes their findings,…
HIPAA and state law privacy claims stand while medical malpractice claim falls
From the Michael H. Cohen Law Group: A federal court in Indiana rules that patient’s HIPAA and state privacy claims could stand, based on the allegation that a physician shared information about the patient’s medical condition with his employer. In Reed v. Rodarte, No. 2:11 CV 153 (N.D. Ind. Feb. 14, 2013), the court rejected the physician’s…