Wright-Patterson Medical Center in Dayton, Ohio, notified 3,800 patients after a notebook was left overnight in a conference room and recovered the next morning behind a chair, apparently after being dropped, according to the Dayton Daily News. Names and Social Security numbers on sign-in sheets were among the information on the notebook.
Massachusetts Eye and Ear Infirmary and Massachusetts Eye and Ear Associates Inc. (collectively referred to as “MEEI”) has agreed to pay the U.S. Department of Health and Human Services (HHS) $1.5 million to settle potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security Rule. MEEI also agreed to take corrective action to improve policies and procedures to safeguard the privacy and security of its patients’ protected health information.
On June 26, OCR announced a resolution agreement and corrective action plan with Alaska's Medicaid agency, the Alaska Department of Health and Social Services ("DHSS"). The precipitating event was the theft of a portable external hard drive from the vehicle of a DHSS employee. According to the breach data that DHSS submitted to OCR, the incident involved the records of 501 individuals, a relatively small amount compared to other breaches on OCR's breach report website.
This time the institution is Beth Israel Deaconess Medical Center in Boston. The personal laptop of a physician was stolen and the hospital now is notifying almost 4000 patients about the breach of their personal health information.
The laptop contained summaries of medical information used for administrative purposes and about 225 administrative employee records, according to the hospital.
WASHINGTON, June 7, 2012 /PRNewswire via COMTEX/ -- Patients Concerned about the Privacy Rule's Impact on Research
People with chronic conditions and their family caregivers were surprised, disappointed, and angry to learn that federal privacy laws are inhibiting medical research that could lead to new treatments and cures. The National Health Council (NHC) today released the results of its focus group study on patient understanding of the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule.
A recent editorial entitled "Health privacy issues can be resolved without obstructing care" made a number of good points, but the one which caught me eye, perhaps because it is the one that I regularly expound is this: "But as a few recent cases show, universal encryption of data (some forms of which may soon be required under the latest HIPAA rules) could eliminate the biggest source of security breaches."
This episode demonstrates the need for well designed Business Associate Agreements.
The state of California works with IBM for disaster recovery services. A set of data cartridges was shipped to the IBM facility in Boulder Colorado to test the ability of IBM to run the software remotely. This is an important aspect of any HIPAA plan: disaster recovery and testing the disaster recovery plan.