Healthcare Information Security

HIPAA Administrative Safeguards

Thieves steal laptop with PHI from California internist

by Patrick Ouellette

San Jose, Calif. internist Hankyu Chung, M.D. experienced a physical data breach in his building when two laptops, one unencrypted, were stolen through use of an unlocked door and crawl space. reports that one of the two laptops...

Patients file class-action suit v. Advocate Medical Group

by Patrick Ouellette

Advocate Medical Group is facing more legal issues following its recent 4 million-patient breach that occurred on July 15. Advocate was already working with the state of Illinois and federal investigators regarding the second-largest reported...

Medical University of S.C. reports its largest data breach

by Patrick Ouellette

The Medical University of South Carolina (MUSC) sustained its largest breach ever between June 30 and Aug. 21 when a third-party credit card processing company compromised 7,000 patients’ data. The Summerville Journal Scene reports that the...

Patient files privacy breach suit v. Torrance Memorial Medical Center

by Patrick Ouellette

A Torrance Memorial Medical Center patient is seeking damages against the organization for an alleged breach of patient privacy. Former Torrance employee Veronica Valdez filed a civil suit scheduled for January against Torrance because her anesthesiologist,...

St. Anthony’s nursing home reports 2,600-patient data breach

by Patrick Ouellette

St. Anthony’s nursing home suffered a 2,600-patient data breach on July 29 when a laptop computer and flash drive with protected health information (PHI) were stolen from a doctor’s car. According to, the laptop held patient...

Florida DOH finalizing drug database security proposal

by Patrick Ouellette

The Florida Department of Health (DOH) is in the process of coming up with more concrete details regarding how it plans on fixing the state’s online prescription database to alleviate fears that it will compromise patient data safety. The...

FTC files LabMD patient privacy complaint; LabMD responds

by Patrick Ouellette

As a result of LabMD, Inc. allegedly failing to reasonably protect the security of consumers’ personal data, including medical information, the Federal Trade Commission (FTC) filed a complaint this week. LabMD, a cancer detection facility,...

CVS agrees to $250K data privacy resolution with Maryland AG

by Patrick Ouellette

CVS Pharmacy, Inc. and Maryland CVS Pharmacy, LLC reached a $250,000 agreement this week with Attorney General Douglas F. Gansler’s Consumer Protection Division because it didn’t do enough protect patient data in the eyes of the AG. This...

UT Physicians informs patients of data breach

by Patrick Ouellette

UT Physicians, The University of Texas Health Science Center at Houston (UTHealth) Medical School’s medical group practice, posted a notice on Wednesday notifying patients of an Aug. 2 data breach. The organization learned that an unencrypted...

Valparaiso Fire Dept. alerts patients of ADP data breach

by Patrick Ouellette

About nine months after a Valparaiso, Ind. Fire Department ambulance data breach occurred, the Valparaiso billing company responsible for the breach, Advanced Data Processing (ADP), has sent out breach notification letters. Valparaiso said in...

Advocate Medical Group endures massive data breach

by Patrick Ouellette

Advocate Medical Group of Chicago is in the process of alerting more than 4 million patients of a July 15 data breach in which four unencrypted computers were stolen from a Park Ridge administrative building. This substantial breach is the second-largest...

CMS proposes 1-hour HIX data breach reporting period

by Patrick Ouellette

The Department of Health and Human Services (HHS) Centers for Medicare and Medicaid Services (CMS) requested emergency review in this week’s Federal Register of its proposed rule that state health insurance exchanges report data breaches within...

Alaska’s Hope Community Resources suffers data breach

by Patrick Ouellette

Hope Community Resources (HCR) of Alaska accidently exposed 3,700 disabled patients’ protected health information (PHI) in an email Monday night. The Alaska Department of Health and Social Services (DHSS) said it is investigating the breach....

State Attorney Generals express security fears to HHS

by Patrick Ouellette

A state Attorney General alliance recently wrote a letter to Department of Health and Human Services (HHS) Secretary Kathleen Sebelius with apprehension that the new health insurance exchange “navigators” that open for enrollment on Oct....

North Texas spine specialist reports patient data breach

by Patrick Ouellette

The North Texas Comprehensive Spine and Pain Center told 3,000 patients last week of a recent data breach in which it lost a computer drive containing patient medical records back in June. According to, the compromised data included...

Gmail privacy questions raise healthcare security concerns

by Patrick Ouellette

Though Google has professed a disinterest in contractually engaging healthcare organizations, the cloud email service giant continues to be a polarizing figure in the data privacy conversation. A recent Google court filing stated that those sending...

Tampa General Hospital investigating another data breach

by Patrick Ouellette

Just more than a month after some Tampa General Hospital (and James A. Haley VA Medical Center) employees were indicted for a fraudulent tax refund scheme, the organization is investigating more patient identities being stolen by a now-terminated...

Tennessee man charged with cancer patient data breach

by Patrick Ouellette

Mareco Bell of Cordova, Tenn. was arrested this week after being charged for among the more deplorable data breaches in recent memory. Bell stole more than 500 cancer patients’ identities and filed fraudulent tax returns with the data...

Caledonia Home Health and Hospice reports data breach

by Patrick Ouellette

Caledonia Home Health and Hospice, located in Vermont, recently alerted patients of a data breach involving an employee’s stolen Netbook on July 20. The device was stolen from their home and Caledonia sent notification letters on August...

Will Walgreens breach ruling affect future HIPAA violations?

by Patrick Ouellette

Data breach victims and their lawyers have often subscribed to the theory that a HIPAA violation does not allow victims to take a covered entity for a “private cause of action,” meaning they can’t sue as individuals over a privacy breach....


SIGN UP and gain free access to articles, white papers, webcasts and exclusive interviews on

HIPAA Compliance
Data Breaches

Our privacy policy

no, thanks