Jim Edwards asks, “Why Do Police Want a Centralized Database of Flu Sufferers?” A federal law intended to restrict the crystal meth trade is leading to a centralized police database of flu sufferers. In a rash of recent cases across the South and Midwest, people innocently buying the nasal decongestant pseudoephedrine – often sold as Pfizer (PFE)’s Sudafed, Dimetapp,…
VA monthly report for September reveals possible access control issue
The Department of Veterans Affairs has released its monthly report to Congress on data breaches. For the period August 30 – October 3, the reported incidents included: 33 incidents involving mis-mailed prescription medication packages by the Consolidated Mail Outpatient Pharmacy [out of 7,144,426 total packages (10,510,547 total prescriptions) and 60 Mis-Handling incidents (these might involve…
CIO Fired After Others May Have Accessed Her EHR
Gerry Higgins writes: A prominent CIO of a regional hospital system encountered the limitations of HIPAA and so-called “Protected Health Information (PHI)” when her boss fired her after a short medical leave of absence. After years working without taking vacation, a family catastrophe that affected her health prompted her to take a medical leave of…
HIPAA, Twitter, and the Siren's Call
After my dismay at how a breach seemed to be casually revealed on Twitter last weekend, I thought I’d keep an eye out for situations in which use of social media might raise the specter of the HIPAA privacy rule. In the example below, I do not think that the twitterer violated the rule in any particular…
UK doctors’ personal data found on used hard drive sold online
There have been many instances in the U.S. of personal data showing up on equipment sold at online and offline auctions. Once such case in the U.K. involved doctors’ data and the company responsible for the data, Healthcare Locums Plc (HCL), a UK specialist healthcare recruitment agency, has now been found in breach of the Data Protection Act…
Woman gets 18 months for ID theft for misusing her kids’ identities
The Identity Theft Resource Center and Privacy Rights Clearinghouse have both been active in trying to highlight the growing risks of children having their identity information misused for fraud. In too many cases, the perpetrators are their own parents. Although I generally don’t report all these cases on this blog, here’s a case in Maryland…