Sakari Aalto discusses findings from a survey conducted by Finland’s Office of the Data Protection Ombudsman. The survey, carried out at the end of 2012, surveyed 74 companies and organizations that had experienced data security breaches during October – December 2011. Aalto writes, in part: In an alarmingly large proportion of companies (30%), the security…
U. of Mississippi Medical Center notifies patients seen between 2008 – 2013 of breach
Their notice, posted on their site: This notice is to inform University of Mississippi Medical Center patients of a recent breach of patient health and personal information. Federal and state laws require health-care institutions to notify patients potentially affected by such incidents. In this case, due to insufficient contact information for those who may be…
Analyzing foreign health data breaches
Patrick Ouellette puts my blog to good use in his discussion of non-U.S. health data breaches. Read his commentary on HealthITSecurity. For a long walk down memory lane or to browse non-U.S. breaches, scroll through the Non-U.S. Breaches category of this blog. But grab your coffee or favorite beverage first: I’ve posted over 550 blog…
UK: Payday loans firm loses licence over identity theft loans
We don’t see this too often, but lack of adequate security costs this business its business, and the consequences were imposed by a regulator. Out-Law.com reports: MCO Capital Limited made loans in the name of 7,000 people whose identity was used by fraudsters without their permission or knowledge. The loans totalled millions of pounds and…
CVS seeks to collect employees' health information
What would you say if your employer told you it needed your height, weight, body fat percent and other personal information for health insurance purposes? That’s what CVS is beginning to do. The company is telling workers who use its health insurance to have a wellness review done or pay up. CVS says the information…
NZ: Privacy Commissioner amends health code to protect newborn blood samples
Privacy Commissioner Marie Shroff has strengthened the Health Information Privacy Code 1994 to improve legal protections around newborn babies’ bloodspot samples. These samples are collected as part of a national newborn metabolic screening programme, also called the heelprick or Guthrie Test. The samples are held permanently unless parents request their return. The amendment will restrict…