Healthcare Information Security

HIPAA Administrative Safeguards

Notices of stolen S.C. insurance data sent 2 months after theft

by Nicole Freeman

A South Carolina state-mandated health insurance program notified customers of a laptop theft two months after the theft was reported, according to The laptop contained information from 3,432 customers who had used the program...

Kentucky auditor makes case for data breach notification law

by Patrick Ouellette

Most healthcare organizations are aware of breach notification requirements on a federal level, but most states have rules and regulations for notifying patients of a data breach. However, Kentucky is not one of those states and its auditor recently...

Laptop stolen from N.M. Oncology and Hematology Consultants

by Nicole Freeman

A laptop was stolen from an employee office at New Mexico Oncology and Hematology Consultants, Ltd. (NMOHC), according to a statement on their website. The theft was discovered on November 13, 2013, and was reported to the police. The laptop...

Update: Nearly 49,000 Medicaid cards incorrectly mailed

by Nicole Freeman

Health officials in North Carolina announced a Medicaid mix-up involving more than 48,000 children, according to a public release from the state’s Department of Health and Human Services (DHHS). The cards were issued to patients being switched...

Omnicell data breach suit dismissal: Healthcare ramifications

by Patrick Ouellette

A lawsuit against Omnicell stemming from a 2012 health data breach was recently dismissed, in part, because the plaintiff failed to prove damages related to the breach. The interesting part of the dismissal, however, was that there were four...

Misprinted bills expose Penn patient information

by Nicole Freeman

University of Pennsylvania Health System (Penn) patients received bills containing both their information and that of other patients, according to a report from RevSpring, a Michigan-based billing vendor used by Penn, believes the...

Former resident physician drops case against Iowa hospital

by Nicole Freeman

Former resident physician Dr. Julie C. Howard has dismissed her lawsuit against Mercy Medical Center-North Iowa, according to the Globe Gazette. Howard had filed the suit, accusing Mercy of breach of contract, in June of 2011 in Cerro Gordo County...

Patients file class suit v. Kaiser for data breach damages

by Patrick Ouellette

Considering nearly 49,000 Kaiser Foundation Hospital Orange County - Anaheim Medical Center patients were affected by Kaiser’s September 25 data breach, it’s not all that surprising that a class-action lawsuit has been filed under...

Barnabas Health sends patient data breach notifications

by Patrick Ouellette

Barnabas Health of New Jersey has sent notification letters to 1,100 pediatric specialty center patients explaining that their data may have been compromised as a result of an unencrypted laptop being stolen on Sept. 24, 2013. In a sample notice...

Barry University notifies patients of May data breach

by Nicole Freeman

Barry University Foot and Ankle Institute patients are being notified of data breach after a school laptop was infected with malware in May, according to the Miami Herald. The university hired a computer forensic company to remove the malware...

Colorado Medicaid notifies 1,918 patients of data breach

by Nicole Freeman

Information from 1,918 Colorado Medicaid patients was breached after a temporary employee from outside contractor Colorado Community Health Alliance (CCHA) sent the information to his or her own personal email address, according to reports from...

Update: Dermatology practice pays HHS $150,000 in HIPAA fines

by Nicole Freeman

The Department of Health and Human Services (HHS) announced in a press release yesterday that Adult & Pediatric Dermatology, P.C. (APDerm) of Concord, Mass., will pay $150,000 in fines stemming from a 2011 data breach. On Sept. 14, 2011,...

Laptop stolen from Inspira Medical Center Vineland

by Nicole Freeman

A laptop containing patient information was stolen from the radiology department at Inspira Medical Center Vineland in New Jersey, according to reports on and The computer was reported missing from an unsecured filing...

Wash. Memorial VA endures 1,519-patient health data breach

by Patrick Ouellette

The Jonathan M. Wainwright Memorial VA Medical Center (VAWW) of Walla Walla, Washington mistakenly sent 1,519 patients’ data to an external education partner on November 1, according to While the exact types of exposed...

Tennova Cardiology subcontractor breach affects 2,777 patients

by Patrick Ouellette

Tennova Cardiology of East Tennessee has informed 2,777 patients via notification letter that their data was compromised following the theft of an unnamed third-party transcription contractor’s unencrypted laptop from their car on October...

Healthcare’s most significant data breaches of 2013

by Nicole Freeman

As 2013 comes to a close, we at took a look at some of the largest and most unusual data breaches that happened this year. From reports affecting over 4 million people to inappropriate internal employee conduct, 2013 has...

USH-Pruitt reports two data breaches in two weeks

by Nicole Freeman

In case of strange coincidence, Georgia’s UHS-Pruitt Corporation reported two missing laptops within a two-week period, according to a posting on Georgia Public Notice and a press release from UHS-Pruitt Corporation. As reported on,...

S.C. Comprehensive Psychological Services has 3,500-patient breach

by Patrick Ouellette

Comprehensive Psychological Services LLC of South Carolina recently reported a data breach in which it alerted 3,500 patients that a laptop with protected health information (PHI) was stolen from the practice’s office on October 28, according...

Fairfax County, Va. reports data breach to 1,499 patients

by Patrick Ouellette

The Fairfax County, Va. Health Department has informed 1,499 patients who received care at Bailey’s Health Center of Falls Church, Va. that their data had been exposed as a result of a downstream data breach. Fairfax contractor Molina...

Cottage Health System alerts 32,755 patients of data breach

by Patrick Ouellette

Cottage Health System of California recently notified 32,755 patients via mail that their data may have been inadvertently exposed on Google after a third-party vendor removed electronic security protections from one of its servers. According...


SIGN UP and gain free access to articles, white papers, webcasts and exclusive interviews on

HIPAA Compliance
Data Breaches

Our privacy policy

no, thanks