Following revelations yesterday by the FBI and U.S. Attorney’s Office of a massive Medicare fraud scam that utilized patient data stolen, in part, from Orange Regional Medical Center in New York, I asked the center whether they had known about the breach when it occurred in 2005 and whether and when patients were notified of…
Now if it was your medical info, how would you feel?
On June 10, CareFirst BlueCross BlueShield notified the Maryland Attorney General’s Office of a breach involving member information. According to their letter, a CareFirst associate leaving the Canton office did not transport member information securely. As a result, part of a member’s file fell out of the associate’s bag, where it was discovered by someone…
Error by Veterans Affairs vendor exposed 3,936 veterans’ SSN in mailing
In its most recent report to Congress, the Veterans Affairs Department reported that on August 25, 6,299 out of the 69,366 “Benefit Summary” letters intended for veterans and non-veterans in Massachusetts were mailed to incorrect addresses. The letters contained the veterans’ and non-veterans’ benefit information including their claim number, which, in some instances, was the…
The war on drugs makes flu sufferers felons
Jim Edwards asks, “Why Do Police Want a Centralized Database of Flu Sufferers?” A federal law intended to restrict the crystal meth trade is leading to a centralized police database of flu sufferers. In a rash of recent cases across the South and Midwest, people innocently buying the nasal decongestant pseudoephedrine – often sold as Pfizer (PFE)’s Sudafed, Dimetapp,…
VA monthly report for September reveals possible access control issue
The Department of Veterans Affairs has released its monthly report to Congress on data breaches. For the period August 30 – October 3, the reported incidents included: 33 incidents involving mis-mailed prescription medication packages by the Consolidated Mail Outpatient Pharmacy [out of 7,144,426 total packages (10,510,547 total prescriptions) and 60 Mis-Handling incidents (these might involve…
CIO Fired After Others May Have Accessed Her EHR
Gerry Higgins writes: A prominent CIO of a regional hospital system encountered the limitations of HIPAA and so-called “Protected Health Information (PHI)” when her boss fired her after a short medical leave of absence. After years working without taking vacation, a family catastrophe that affected her health prompted her to take a medical leave of…