One of yesterday’s posts on PHIprivacy.net reports a data breach involving Kelsey-Seybold Clinic that has not been reported in the mainstream media. I contacted Kelsey-Seybold after a site visitor alerted me to the breach. The report is frustratingly short on details, though, because Kelsey-Seybold could — and did — simply ignore questions it did not…
NZ: Police investigate alleged leak from DNA database
Police are investigating a claim an Environmental Science and Research worker has made an “inappropriate disclosure” from the national DNA profile databank. ESR said today a criminal investigation had started. “A staff member has been suspended pending the outcome of the police and internal investigations,” a spokeswoman said. The alleged security breach was the first…
Key West Rehab Center Cited for HIPAA Violation
The U.S. Department of Health and Human Services (HHS) determined that the program director at DePoo Chemical Dependency Facility in Key West, Fla., violated HIPAA, according to a story posted on Keynoter.com. DePoo is a 49-bed unit operated by Lower Keys Medical Center (LKMC). According to findings by HHS based on an anonymous complaint, the…
Follow-up: No charges will be filed for improper disposal of medical records
The Catoosa County News provides a follow-up on a case I had reported here: The family member of the doctor whose sensitive medical records were found in a dumpster in Hixon, Tenn., two weeks ago will not be charged with any crime. According to Jerri Weary, public information officer with the Chattanooga Police Department: The…
OIS Commentary: Is this really necessary?
Capstone Dental Center, PC (dba Arnerident Dental Associates) recently notified (pdf) the New Hampshire Attorney General’s Office that an email address for one doctor was typed incorrectly. As a result, attachments containing unencrypted dental information and the Social Security number of one patient were sent to the email address of a dairy farmer located in…
CDT Comments on FTC Health Data Breach Notification Rulemaking
From CDT.org: CDT, together with the Markle Foundation and others, filed comments with the Federal Trade Commission (FTC) regarding new requirements on how to notify patients when unsecured personal health record (PHR) data has been breached. In the comments, CDT called on FTC to work with the Department of Health and Human Services to ensure…