Healthcare Information Security

HIPAA Physical Safeguards

CaroMont Health alerts 1,310 patients of data breach

by Patrick Ouellette

CaroMont Health announced Friday that it learned of an internal health data breach that involved an employee sending an unsecure email with 1,310 patients’ protected health information (PHI) on August 8 during a routine security audit....

UnityPoint Health learns of EHR data breach during audit

by Patrick Ouellette

UnityPoint Health of West Des Moines, Iowa reported this week that it discovered unauthorized access to its EHR system during a routine audit back on August 8 that put 1,800 patients’ data at risk. The Sioux City Journal reports that a...

St. Mary’s Janesville Hospital reports health data breach

by Patrick Ouellette

After another health data breach involving theft of an unencrypted laptop was reported this week, perhaps healthcare organizations will begin taking a long look at forming strict policies regarding encrypting and storing devices that contain...

Laptop with PHI stolen from Santa Clara Valley Medical Center

by Patrick Ouellette

Santa Clara Valley Medical Center recently mailed out patient notification letters to alert them of a data breach that it discovered on September 16. According to the notification letter, an unencrypted audiology department laptop used for hearing...

Health data breaches: Gearing up for the before and after

by Patrick Ouellette

BOSTON - Though last week’s HIMSS Privacy and Security Forum keynote “Preparing Now for How to Respond to the Security Breach You Hope Never Happens” involved different perspectives on data breaches, their data breach principles...

Holy Cross Hospital reports 9,900-patient data breach

by Patrick Ouellette

Holy Cross Hospital in Fort Lauderdale, Fla. has notified 9,900-patients of a data breach that occurred between November 2011 and August 2013. According to, a Holy Cross employee accessed patient names, dates of birth, addresses...

Mercy Health Systems, Allscripts data breach details emerge

by Patrick Ouellette

The circumstances surrounding a data breach last winter at Mercy Health Systems (MHS) in Baltimore involving a lost, unencrypted Allscripts hard drive were publicized only recently, according to a report from Allscripts contracts...

NHC HealthCare Oak Ridge loses unencrypted backup tape

by Patrick Ouellette

NHC HealthCare of Oak Ridge, Tenn. announced a possible patient data breach after an unencrypted backup tape was lost. Though the number of patients is unknown, otentially compromised information included patient names, Social Security numbers,...

Loyola University Medical Center reports patient data breach

by Patrick Ouellette

A former Loyola University Medical Center nurse, Katrina R. Spears, was charged with felony identity theft on Sept. 8 after stealing a Loyola patient’s identity and heavily affecting her credit. Riverside, Illinois police, according to...

Patient files Carol Milgard Breast Center privacy complaint

by Patrick Ouellette

A former Carol Milgard Breast Center patient, Martha Tsuru, has filed a privacy breach complaint with the Washington State Department of Health after the Tacoma, Wash. based healthcare facility mixed in her records with three other patients’...

ICS Collection Service alerts UCPG patients of data breach

by Patrick Ouellette

A University of Chicago Physicians Group (UCPG) collection agency, ICS Collection Service, sent out a press release this week to notify the media that 1, 344 UCPG patients’ protected health information (PHI) had been exposed on July 9...

Thieves steal laptop with PHI from California internist

by Patrick Ouellette

San Jose, Calif. internist Hankyu Chung, M.D. experienced a physical data breach in his building when two laptops, one unencrypted, were stolen through use of an unlocked door and crawl space. reports that one of the two laptops...

Patients file class-action suit v. Advocate Medical Group

by Patrick Ouellette

Advocate Medical Group is facing more legal issues following its recent 4 million-patient breach that occurred on July 15. Advocate was already working with the state of Illinois and federal investigators regarding the second-largest reported...

St. Anthony’s nursing home reports 2,600-patient data breach

by Patrick Ouellette

St. Anthony’s nursing home suffered a 2,600-patient data breach on July 29 when a laptop computer and flash drive with protected health information (PHI) were stolen from a doctor’s car. According to, the laptop held patient...

CVS agrees to $250K data privacy resolution with Maryland AG

by Patrick Ouellette

CVS Pharmacy, Inc. and Maryland CVS Pharmacy, LLC reached a $250,000 agreement this week with Attorney General Douglas F. Gansler’s Consumer Protection Division because it didn’t do enough protect patient data in the eyes of the AG. This...

UT Physicians informs patients of data breach

by Patrick Ouellette

UT Physicians, The University of Texas Health Science Center at Houston (UTHealth) Medical School’s medical group practice, posted a notice on Wednesday notifying patients of an Aug. 2 data breach. The organization learned that an unencrypted...

Valparaiso Fire Dept. alerts patients of ADP data breach

by Patrick Ouellette

About nine months after a Valparaiso, Ind. Fire Department ambulance data breach occurred, the Valparaiso billing company responsible for the breach, Advanced Data Processing (ADP), has sent out breach notification letters. Valparaiso said in...

Advocate Medical Group endures massive data breach

by Patrick Ouellette

Advocate Medical Group of Chicago is in the process of alerting more than 4 million patients of a July 15 data breach in which four unencrypted computers were stolen from a Park Ridge administrative building. This substantial breach is the second-largest...

Alaska’s Hope Community Resources suffers data breach

by Patrick Ouellette

Hope Community Resources (HCR) of Alaska accidently exposed 3,700 disabled patients’ protected health information (PHI) in an email Monday night. The Alaska Department of Health and Social Services (DHSS) said it is investigating the breach....

Why virtualization doesn’t mean the end of paper-based risks

by Kyle Murphy, PhD

Virtualizing health information systems allows healthcare organizations and providers to mitigate the risk that sensitive patient data is stored locally and therefore made vulnerable to unauthorized access. “As they virtualize, it gives the...


SIGN UP and gain free access to articles, white papers, webcasts and exclusive interviews on

HIPAA Compliance
Data Breaches

Our privacy policy

no, thanks