HIPAA, Patient Privacy, Healthcare Data Security BYOD
Palm Beach County Health weathers latest health data breach

Palm Beach County Health weathers latest health data breach

Author | Date February 13, 2013

In what is turning into a trend, the Palm Beach County Health Department is dealing with another health data breach. A former employee was arrested Tuesday after allegedly stealing 2,800 patients’ protected health information (PHI).

The former employee, according to the Palm Beach Post, is Salita St. Simon, who has been fired from her senior clerk position, and the U.S. Attorney’s Office reports that she is being charged with identity theft. Compromised patient data includes names and Social Security numbers from the Palm Beach County Health Department computer system, which St. Simon allegedly gave to accomplices for tax fraud purposes. St. Simon faces up to five years in prison if convicted.

This breach should be concerning to patients because this isn’t the first time this has happen. PHIPrivacy.net explains that this department has had its issues with patient data privacy since 2005:

- In 2005, 6,500 HIV positive patients had their names on a confidential list that was accidentally sent in an email to 800 people

- In 2005, 15 pages from a confidential list of HIV-positive people was lost or stolen from an analyst’s desk. This incident appeared to be independent of the breach reported two months previously

- In 2007, confidential test results of patients who tested positive for various communicable diseases were found in file cabinet being sold at surplus auction

- In 2012, a system upgrade left names, Social Security numbers, dates of birth, and other information exposed on the Internet for two months

- In 2012, they learned – from others – that hundreds of clients’ names, dates of birth and Social Security numbers had been stolen by a senior clerk in the medical records department; 111 became victims of tax refund fraud

The Palm Beach County Health Department released a patient notice regarding the breach:

The Palm Beach County Health Department is issuing a public notice that some patients may have had confidential information contained in their records disclosed to an unauthorized source. The breach occurred when an employee took client lists containing names, dates of birth, and social security numbers. It appears that patients born in the years 1991 through 1996 were targeted. Medical information, bank accounts, credit card or other information was not included.

Related Resources:

  • doriza

    Thanks for posting this. My son was born in PB County, but we don’t currently live there. He was within the range of the targeted records. I don’t know where their public notice was posted but, unsurprisingly, we didn’t see it (if I wasn’t in this field & led to this story out of professional interest – we would never have known about it). How many others whose records were targeted no longer live at an address easily 15+ years out-of-date? How many others have no idea their records have been compromised?
    When records have been clearly STOLEN, not just possibly compromised, the standard for notification should be stricter. The records of the targeted 1991 – 1996 birth dates are for young people just coming into their professional lives and they will probably pay dearly for this carelessness. I think if they had made a decent effort they could have provided better notification. Geesh, ask the military recruiters for some pointers; they seem to have no problem finding these young people and (ostensibly) they don’t have their social security numbers, etc. And if they were forced to provide better (i.e. costlier) notification maybe they would exert more care or be able to make the ROI argument to provide better protective measures.
    For those using due diligence and protecting their records, it would not change the game, only those shirking their duties would bear the brunt of it – not just in additional auditing – but they should also be doing more to address the injuries their negligence causes to those whose records were compromised. Free credit report if you ever even hear about it, pah!


Sign up for our free HealthITSecurity.com newsletter and stay up to date with tips and advice on:

  • BYOD
  • Data Security
  • VDI
  • Cloud Security

no, thanks

Our privacy policy