EHR, Meaningful use, ICD-10, Electronic Health Records

Health Data Breach

Routine Audit Reveals PHI Data Breach for Md. Medical Center

June 30, 2015 - A Maryland medical center conducted a routine audit and discovered that a PHI data breach had taken place, affecting approximately 1,000 patients. Meritus Health was running “routine compliance and self-audit efforts” on May 4, 2015, the company said in a statement. Through the audit, Meritus realized that an employee at one of the company’s vendors may have accessed patient...


Articles

UC Irvine Health Data Breach Affects 4,800 Patients

UC Irvine Medical Center announced last week that an employee viewed thousands of patient records over a four-year period “without a job-related purpose,” potentially compromising the information of 4,859 patients and leading to a...

Unencrypted Flash Drives Missing from S.C. EMS Facility

South Carolina EMS patients may have been the victims of a potential health data breach after unencrypted flash drives and hard drives used as back-up storage devices were discovered to be missing from a storage facility. Lancaster County employees...

PHI Exposed in Medical Informatics Engineering Data Breach

Medical Informatics Engineering (MIE) announced last week that PHI was potentially exposed for patients of certain MIE clients. MIE became aware of suspicious activity on one of its servers on May 26, according to a company statement. Affected...

PHI Data Breaches for NY, Texas Organizations

PHI data breaches can impact both patients and the healthcare facility that experienced the breach. Patients may have to work to ensure that their personal information is not used maliciously, while covered entities or their business associates...

Potential PHI Data Breach at Calif. Youth Center

There was a potential PHI data breach at a California-based youth center, with notifications being sent out to approximately 6,800 individuals. The Fred Finch Youth Center (FFYC) announced earlier this week that a break-in occurred at one of...

Improper Disposals Lead to Potential Health Data Breaches

Preventing potential health data breaches requires healthcare organizations to have the necessary physical, technical and administrative safeguards in place. If one area is lacking, or is simply overlooked, it does not matter how strong the other...

Conn. Data Breach Security Bill Moves Forward

Connecticut Governor Dannel Malloy is expected to sign a data breach security bill into law that would grant greater protections to consumers. Senate Bill 949, An Act Improving Data Security and Agency Effectiveness, was unanimously passed by...

UPMC Health Data Breach Lawsuit Dismissed

A Pennsylvania judge dismissed the health data breach lawsuit that had been filed against the University of Pittsburgh Medical Center (UPMC) last year. Former UPMC employees filed the lawsuit after a data breach compromised the information of...

Did Failed Administrative Safeguards Cause Two Data Breaches?

This site constantly underlines the importance of healthcare organizations keeping all of their safeguards up to date, as anything from failed administrative safeguards to failed physical safeguards can create privacy and security issues. Without...

Health Data Breaches Expose Info. in NH, NJ and NY

Three recent different health data breaches affected individuals in New Hampshire, New Jersey, and New York. While not connected, these incidents further underline the importance for comprehensive security measures. Anything from human error...

Healthcare Data Breaches Have Highest Cost, Says Ponemon

Healthcare data breaches average the highest cost per stolen record, with organizations reaching as high as $363, according to Ponemon’s annual Cost of Data Breach Study: Global Analysis, sponsored by IBM. For the US specifically,...

Medical Management Data Breach Impacting Multiple States

Last week, we reported on a healthcare data breach where a third party facility, Medical Management LLC, connected with the University of Pittsburgh Medical Center (UPMC) reported that approximately 2,200 UPMC patients may have had their records...

North Dakota Data Breach Notification Law Amended

Data breach notification laws continue to be implemented and amended across the country, as North Dakota becomes the latest state to clarify its regulations on privacy and security. North Dakota Governor Jack Dalrymple recently signed SB 2214...

CareFirst Health Data Breach Affects 1.1M Individuals

CareFirst BlueCross BlueShield (CareFirst) joins the list of healthcare organizations affected by a large cybersecurity attack, as it announced yesterday that approximately 1.1 million current and former members potentially had their information...

Medical Info. Included in Nevada Data Breach Notification Law

Nevada recently adjusted its definition of personal information in the state data breach notification law to also account for medical information. Governor Brian Sandoval signed AB 179 into law on May 13, 2015, and the legislation will go into...

Accidental and Unauthorized Emails Create PHI Security Issues

No covered entity wants to notify patients of a potential PHI security incident, yet even with the appropriate safeguards in place, problems could still occur. When this happens, it is important to properly notify potentially affected individuals...

Possible Health Data Breaches From Theft, Unauthorized Access

Even when covered entities implement sophisticated cybersecurity measures, health data breaches can still happen. It is important to not overlook seemingly simple security measures, such as installing proper locks on doors or even having an alarm...

What Happens When a Healthcare Cyber Policy is Broken?

It is not uncommon for healthcare organizations to create a healthcare cyber policy with an insurance company, detailing what will take place should a data breach happen. However, if such policies are not followed, a covered entity might not...

Malware, Billing Company Theft Equal Health Data Breaches

Health data breaches are not going to disappear anytime soon, which is why covered entities must ensure that their safeguards are current and comprehensive. Anything from malware to sophisticated cyber attacks to stolen laptops can lead to PHI...