A North Wales police detective has been fined £4,000 and ordered to pay £1,000 costs after disclosing police information to a suspected criminal. Vaughan Roberts, from Rhos on Sea, Conwy, accessed information about a friend on the police computer, Caernarfon Crown Court heard. Roberts, who was convicted of two offences earlier this month, had accepted…
Ca: RMC patient info might have been compromised
Gene Zaleski reports: The Regional Medical Center has offered identity theft coverage to about 200 patients after discovering a possible breach of its computer system. RMC President Tom Dandridge said the hospital’s auditor found an former employee’s password may have been used to access medical records. “We could not determine whether there had a been…
Patient Loses Appeal of HIV Disclosure Verdict
Jeff D. Gorman reports: A hospital and one of its nurses are not liable for disclosing a woman’s HIV-positive status to family members who visited her, the Missouri Court of Appeals ruled. Candy Ziolkowski sued the Heartland Regional Medical Center for violation of a Missouri law that keeps the HIV status of patients confidential. She claimed…
More on the "harm" threshold (and its possible demise)
Over on HIPAA Blog, attorney Jeff Drummond writes: More on the “harm” threshold (and its possible demise): During this past week, the AHLA “HIT list” listserv has buzzed with commentary on the “harm” threshold (in large part started by the NYT article mentioned here), whether it should even be in there (or is an unconstitutional…
NC Office of the State Auditor: ESC employees violating copyright law on state computers
An audit by the North Carolina Office of the State Auditor indicates that what at least one employee in the Employment Security Commission (ESC) was doing on state computers and state time was, well, illegal. The report (pdf), released yesterday, reveals: Our examination of computers and disk drives assigned to a Systems and Operations Analyst (Systems…
Connecticut Insurance Commissioner Announces Data Breach Notification Mandate
Joseph Lazzarotti of Jackson Lewis writes: On August 18, 2010, the Connecticut Insurance Commissioner issued Bulletin IC-25 which mandates that entities within its jurisdiction notify the Department of Insurance of any “information security incident.” This post provides a brief summary of this new requirement. […] What is an “information security incident”? Under this Bulletin, an…