CalOptima, a Medicaid managed care plan serving 360,000 recipients in Orange County, Calif., has lost claims data on 68,000 members. The missing data includes substantial identifying information on affected members. The insurer has posted the following notice, first reported by HIStalk, on the home page of its Web site:
HDM Breaking News, October 26, 2009
"CalOptima has identified the potential loss of past medical claims information for approximately 68,000 of its members that was stored on electronic media devices....
"On Wednesday, October 14, 2009, CalOptima notified state and federal agencies of the potential loss of the devices, and on the following day, posted an alert for public notification on its Web site when it became evident the devices might not be located. CalOptima, its vendor, and the U.S. Postal Service are continuing to search for the box containing the devices. Claims information contained on the devices includes member names, home addresses, dates of birth, medical procedure codes, diagnosis codes and member identification numbers, including some Social Security numbers."
http://www.healthdatamanagement.com/news/breach-39246-1.html?ET=healthdatamanagement:e1059:144085a:&st=email
This site is dedicated to Healthcare Security and Privacy with a focus on HIPAA and Federal Legislation (HITECH)
Friday, October 30, 2009
Tuesday, October 27, 2009
Email leaks 350 Baptist East employee Social Security numbers
http://www.whas11.com/news/local/stories/whas11-local-091026-baptist-ssn.256cd85b3.html
A few days ago it happened in Bullitt County schools and now it’s Baptist Hospital East.
350 names of hospital employees appear on this list that was circulated in an e-mail and so do their social security numbers. When WHAS11 called people on the list, every one of them was stunned it was out there.
Baptist won't say how many people received this list at the hospital but they say it was supposed to be a reminder to managers about which nurses needed to renew their medical licenses.
MIAOULIS NOTE: This is just another reminder that we should NOT use the full SSN when a partial SSN will work. The excuse of needing SSN for identification also leads to the potential for identity theft. Organizations should review all computer systems that maintain the full SSN and limit who has access to the full SSN. Limiting individuals to only the last 5 digits and to only birth month and year would reduce the risks in this area.
AHA urges improvements to HITECH breach notification rule
WASHINGTON – The American Hospital Association would like to see some changes in the proposed federal rule for patient medical information breaches.
In a letter sent Friday to Health and Human Services Secretary Kathleen Sebelius, AHA officials said they are endorsing the rule, but calling for "further improvements" to make it better.
The interim final rule implements the requirements from the Health Information Technology for Economic and Clinical Health (HITECH) Act for hospitals and other Health Insurance Portability and Accountability Act (HIPAA) covered entities and their business associates to notify individuals when a breach of their unsecured personal health information occurs.
AHA officials would like the HHS to identify additional situations in which the department considers the privacy or security of information not to be compromised and, therefore, would not trigger the obligation to provide notice under the breach notification regulations.
http://www.healthcareitnews.com/news/aha-urges-improvements-hitech-breach-notification-rule
Tuesday, October 20, 2009
Survey: IT Workers Say Medical Centers Could Boost Privacy Measures
More than half of American hospitals fail to take appropriate steps to protect the privacy of patients, according to a new survey of health care IT security professionals.
Released Tuesday by the Ponemon Institute, the survey, titled “Electronic Health Information at Risk: A Study of IT Practitioners,” found that 80 percent of responding health care organizations had experienced at least one incident of lost or stolen electronic health information in the past year.
http://www.scmagazineus.com/Survey-finds-lax-health-care-privacy-in-United-States/article/155795/
Among the IT professionals surveyed, 70 percent said senior management does not view privacy and data security as a priority.
Monday, October 19, 2009
Police: Woman At Hospital Tried To Steal Baby
ALBANY, Ore. -- An Albany woman is suspected of attempting to kidnap an infant from a hospital, police said.
Twenty-five-year-old Trinity Vidal-Hernandez was arrested Tuesday following an investigation into claims that she lied about a friend's medical emergency and then snuck into the maternity ward, said Captain Eric Carter of the Albany Police Department in a news release Tuesday....
The CEO of the hospital commended staff members for catching Vidal-Hernandez.
"The staff did a really good job. They trust their instincts, they follow what they're trained to do and it helps," said David Triebes.
Triebes said security measures would have prevented Vidal-Hernandez from leaving the hospital with a baby.
http://www.kptv.com/news/21285591/detail.html
MIAOULIS Note: Although this is not information security, the protection of patients, visitors and employees should be part of a comprehensive security program. Training on how to handle such situations can prove to be very important.
Blue Cross Blue Shield Association affirms laptop breach
The Blue Cross Blue Shield Association (BCBSA) is reviewing its security practices after thieves stole an employee's computer that contained an unencrypted file with the personal information of nearly every doctor who accepts the popular health insurance plan.
That amounted to between 800,000 and 850,000 doctors, spokesman Jeff Smokler said. The data on the computer file -- which was stolen out of a parked car in Chicago over the weekend -- included names, addresses, tax ID and physician identifier numbers. In 16 percent of the cases, the tax ID number was a Social Security number.
http://www.scmagazineus.com/Blue-Cross-Blue-Shield-Association-affirms-laptop-breach/article/151740/
Blue Cross physicians warned of data breach
The largest health insurer in Massachusetts is warning roughly 39,000 physicians and other health care providers in the state that personal information, including Social Security numbers, may have been compromised after a laptop containing the data was stolen in August from an employee of the Blue Cross and Blue Shield Association’s national headquarters in Chicago.
The breach involves “tens of thousands’’ of physicians nationwide, although the precise number is unclear, according to a national Blue Cross-Blue Shield spokesman. Thirty-nine affiliates feed information about providers into a database maintained by the association’s national headquarters.
http://www.boston.com/news/local/massachusetts/articles/2009/10/03/blue_cross_physicians_warned_of_data_breach/
Women's medical records hacked
Scores of local women have been warned that their credit might be at risk after a computer system being used for a breast cancer study was hacked at the University of North Carolina School of Medicine. The Carolina Mammography Registry in Chapel Hill recently informed the women that a computer security breach in 2007 might have exposed personal information they did not know was sent to the registry.
“It was disturbing, to say the least, to learn that so much of your personal information had been shared without your consent,” Rocky Mount City Clerk Jean Bailey said. She is not alone.
As many as 160,000 patient files from women across the state might have been exposed, including 114,000 Social Security numbers, according to the university.
http://www.rockymounttelegram.com/news/womens-medical-records-hacked-904592.html
Friday, October 9, 2009
HHS Breach Forms
The breach notification interim final rule requires covered entities to provide the Secretary with notice of breaches of unsecured protected health information (45 CFR 164.408). The number of individuals affected by the breach determines when the notification must be submitted to the Secretary. Please review the instructions below for submitting breach notifications. Please note: only covered entities may submit notification using this form.
Breaches Affecting 500 or More Individuals
If a breach affects 500 or more individuals, a covered entity must provide the Secretary with notice of the breach without unreasonable delay and in no case later than 60 days from discovery of the breach. This notice must be submitted electronically by following the link below and completing all information required on the breach notification form.
If a covered entity that has submitted a breach notification form to the Secretary discovers additional information to report, the covered entity may submit an additional form, checking the appropriate box to signal that it is an updated submission. http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/brinstruction.html