Healthcare Information Security

HIPAA Administrative Safeguards

Legal ramifications of UCLA Health breach suit dismissal

by Patrick Ouellette

The Second Appellate District Court of California recently dismissed a class-action lawsuit against the University of California regarding a data breach compromising 16,000 UCLA Health System patients’ data. The court made this...

Seton Healthcare Family announces unencrypted laptop theft

by Patrick Ouellette

Seton Healthcare Family posted a notice on its website that an unencrypted laptop was stolen between October 3 and October 4 from the Seton McCarthy Clinic that held 5,000 patients’ data. Compromised information included name,...

Broward Health sends 960 patient breach notification letters

by Patrick Ouellette

Broward Health recently notified 960 patients via letter that a former Broward Health Medical Center employee stole their personal data between October and December 2012. Broward apparently learned in June that the employees stole...

How a HIPAA BA responds to a patient data breach

by Patrick Ouellette

When a healthcare organization goes through a data breach, its HIPAA responsibilities are clearly laid out as covered entities and there is little ambiguity as to what the Department of Health and Human Services (HHS) and Office for Civil...

North Country Hospital in battle with ex-employee over breach

by Patrick Ouellette

North Country Hospital of Newport, Vt. is in a dispute with a former IT employee, Christian Cornelius, as to whether 3,000 patients’ data inside a “retired” laptop was exposed. The former employee claims that he tried to...

Memorial Hospital of Lafayette County reports data breach

by Patrick Ouellette

Wisconsin’s Memorial Hospital of Lafayette County has posted notice on its website that it mailed out 8,000 data breach notification letters to patients after it learned on Aug. 6, 2013 that some of their financial statements had...

Legal Aid Society of San Mateo County suffers data breach

by Patrick Ouellette

The Legal Aid Society of San Mateo County is in the process of alerting patients of an August 12 burglary of 10 laptops that held personal data. According to the notification letter to the California Attorney General, the organization said...

Scottsdale Dermatology Clinic endures billing firm breach

by Patrick Ouellette

The Scottsdale Dermatology Clinic is investigating a patient data breach in which one of its medical billing firm’s employees, Brittany Davidson, and her boyfriend Winfred Aurelious Dick, Jr. used her patient data access to steal...

Hope Family Health reports 8,000-patient data breach

by Patrick Ouellette

Hope Family Health of Westmoreland, Tennessee is dealing with the theft of a finance department employee’s unencrypted laptop that held 8,000 patients’ personal information. Hope has notified patients who visited the...

Saint Louis University notifies 3,000 patients of data breach

by Patrick Ouellette

Saint Louis University (SLU) is in the process of reporting a health data breach that affected 3,000 patients and occurred in early August. According to, a few SLU employees gave out their account information by mistake as part of...

CaroMont Health alerts 1,310 patients of data breach

by Patrick Ouellette

CaroMont Health announced Friday that it learned of an internal health data breach that involved an employee sending an unsecure email with 1,310 patients’ protected health information (PHI) on August 8 during a routine security...

UCSF Medical Center latest to have laptop with PHI stolen

by Patrick Ouellette

Count the University of California San Francisco (UCSF) Medical Center as the most recent healthcare organization to have an unencrypted laptop stolen from an employee’s car. UCSF has already sent out letters to the 3,541 affected...

UnityPoint Health learns of EHR data breach during audit

by Patrick Ouellette

UnityPoint Health of West Des Moines, Iowa reported this week that it discovered unauthorized access to its EHR system during a routine audit back on August 8 that put 1,800 patients’ data at risk. The Sioux City Journal reports that...

St. Mary’s Janesville Hospital reports health data breach

by Patrick Ouellette

After another health data breach involving theft of an unencrypted laptop was reported this week, perhaps healthcare organizations will begin taking a long look at forming strict policies regarding encrypting and storing devices that...

Laptop with PHI stolen from Santa Clara Valley Medical Center

by Patrick Ouellette

Santa Clara Valley Medical Center recently mailed out patient notification letters to alert them of a data breach that it discovered on September 16. According to the notification letter, an unencrypted audiology department laptop used for...

Health data breaches: Gearing up for the before and after

by Patrick Ouellette

BOSTON - Though last week’s HIMSS Privacy and Security Forum keynote “Preparing Now for How to Respond to the Security Breach You Hope Never Happens” involved different perspectives on data breaches, their data breach...

Ohio psychologist alerts patients of data breach

by Patrick Ouellette

A Lima, Ohio clinical psychologist, Carol L. Patrick, is in the process of notifying clients that their office was robbed on August 8 and, as a result of the theft, their identities may have been compromised. reports that the...

Kaiser v. Surefile breach suit dropped but questions linger

by Patrick Ouellette

In what looked to be the ending of a long, convoluted legal battle between Kaiser Permanente and Surefile File Systems that began in 2010, Surefile told last week that Kaiser’s law suit had been thrown out and the judge...

Holy Cross Hospital reports 9,900-patient data breach

by Patrick Ouellette

Holy Cross Hospital in Fort Lauderdale, Fla. has notified 9,900-patients of a data breach that occurred between November 2011 and August 2013. According to, a Holy Cross employee accessed patient names, dates of birth,...

Mercy Health Systems, Allscripts data breach details emerge

by Patrick Ouellette

The circumstances surrounding a data breach last winter at Mercy Health Systems (MHS) in Baltimore involving a lost, unencrypted Allscripts hard drive were publicized only recently, according to a report from Allscripts...


SIGN UP and gain free access to articles, white papers, webcasts and exclusive interviews on

HIPAA Compliance
Data Breaches

Our privacy policy

no, thanks

Continue to site...