Archive for HIPAA News
Accretive Health, Inc., a consulting firm charged with violating health privacy laws, has asked to have the lawsuit dismissed, according to an April 30 report in the StarTribune. Accretive lost a laptop computer containing the medical data of 23,500 Minnesota residents last year.
The company claims that because no consumers have been harmed as a result of the lost data, claims of consumer fraud in Attorney General Lori Swanson’s lawsuit are baseless.
Swanson’s lawsuit seeks an order that would require Accretive to inform patients of the information collected, how that information will be used, and where that information has been sent. Accretive has accused Swanson of creating a media campaign against the company rather than settling the issue in court.
Source: StarTribune
South Carolina government enforcement officials are cracking down on state agency security systems after an HHS employee stole more than 228,000 Medicaid patients' personal information, according to the Associated Press.
Christopher Lykes Jr., a project manager at HHS in South Carolina, had been arrested and charged April 19 with violating the confidentiality of medical indigents and disclosing confidential information.
Lykes allegedly compiled information and personal data from more than 228,000 Medicaid patients into a spreadsheet and sent it to his personal email account. The state’s Medicaid agency sent notification letters to affected patients, who have been cautioned not to believe anyone who calls claiming to be with the agency.
Source: aikenstandard.com
A laptop stolen from a nurse practitioner in Georgia may compromise the personal information of more than 500 patients, according to a March 15 announcement by Georgia Health Sciences University on its website.
The nurse practitioner works at several sickle cell clinics in Georgia, including the Georgia Health Sciences Adult Sickle Cell Clinic. Someone stole the laptop from her home January 18.
Though the records contained on the laptop include names, dates of birth, diagnosis information, and an internal code associated with patients’ lab tests, none of the records included Social Security numbers, financial information, or addresses.
A spokesperson from Georgia Health Sciences University expressed regret at the theft and noted that the organization attempted to personally notify patients of the incident.
The Utah Department of Health (UDOH) released an update April 9 regarding a data breach caused by a hacked server in the Department of Technology Services.
The hackers stole the Social Security numbers of an estimated 280,000 Medicaid beneficiaries, and made off with less-sensitive personal information of an additional 500,000 individuals. The March 30 breach affected 780,000 people, according to the update. The UDOH initially believed that hackers stole data from 24,000 claims, but has since learned that hackers accessed 24,000 files, each of which could contain hundreds of claims.
The department warned the public to be suspicious of any phone calls or emails requesting personal information. UDOH established a hotline for Medicaid clients looking to find out whether hackers compromised their information. The department is also working to identify victims of the hack and notify them of the data breach.
Source: Utah Department of Health
HHS reached a settlement with Phoenix Cardiac Surgery of Phoenix and Prescott, AZ, regarding a failure to comply with the HIPAA Privacy and Security rules when posting patient appointments to an online calendar. Phoenix Cardiac Surgery will pay $100,000 to HHS and will implement new policies and procedures to protect patients’ health information.
HHS began investigating Phoenix Cardiac Surgery following a report that clinical and surgical appointments posted by the physician practice were publicly accessible. Phoenix Cardiac Surgery did not have policies in place to safeguard patients’ electronic protected health information, and did not identify a security official or conduct a risk analysis. The organization also failed to document any employee training on its policies and procedures, according to HHS.
Source: HHS
Get blog updates in your e-mail
Subscribe to our e-zine
Click here to learn how!
Click here