Tag Archives: patient privacy

$140k penalty for health data breach (paid by firm AND doctors)

The Boston Globe writes that the former owners of a medical billing practice that dumped sensitive health records at the Georgetown Transfer Station have agreed, along with doctors involved, to pay $140,000 in a settlement with the Massachusetts attorney general’s office.

A Globe photographer noticed the pile of paper records when he was tossing out his own trash in July 2010.

The pile consisted of records for more than 67,000 people, including names, addresses, Social Security numbers, pathology reports for people tested for various kinds of cancer, and other test results.

The photographer collected some of the documents, and the Globe contacted the hospitals that had contracted with the pathologists who had shared information with the billing company.

State and federal laws require health records to be disposed of in ways that destroy personal information, such as by shredding or incineration.

‘It is the obligation of all parties involved to ensure that sensitive information is disposed of properly.’

“Personal health information must be safeguarded as it passes from patients to doctors to medical billers and other third-party contractors,” Attorney General Martha Coakley said in a press release.

Read the whole story: $140K penalty for data breach


The other defendants involved in this settlement are Dr. Kevin Dole, former President of Chestnut Pathology Services, P.C.; Milford Pathology Associates, P.C.; Milton Pathology Associates, P.C.; and Pioneer Valley Pathology Associates, P.C.

The AG’s Office alleges that these pathology groups violated HIPAA regulations by failing to have appropriate safeguards in place to protect the personal information they provided to Goldthwait Associates, and violated state data security regulations by not taking reasonable steps to select and retain a service provider that would maintain appropriate security measures to protect such confidential information.


US Department of Health and Human Services asked to get involved in guidance for handling patient data

Healthcareitnews.com writes that a Texas-based advocacy group called Patient Privacy Rights asked HHS to create cloud-computing guidelines around the issues of secure infrastructure, security standards and business associate agreements with regard to the protection of patients’ personal data.

♣ In April, the Department of Health and Human Services reached a $100,000 HIPAA settlement with Phoenix Cardiac Surgery, after the small physician practice had managed clinical and surgical appointments, between 2007 and 2009, using an Internet-based calendar that also happened to be publicly available.

♥ The Internet being the most ubiquitous form of cloud computing, an Austin, Texas-based advocacy group called Patient Privacy Rights is pointing to the Phoenix Cardiac Surgery HIPAA violation as an example of why HHS should regulate, or at least guide, cloud use in healthcare.

♠ In a letter to the HHS Office for Civil Rights, Patient Privacy Rights founder and chair Deborah Peel, MD, wrote that “Issuing guidance to strengthen and clarify cloud-based protections for data security and privacy will help assure patients (that) sensitive health data they share with their physicians and other health care professionals will be protected”.

♦ Cloud computing is proving to be valuable, Peel said, but the nation’s transition to electronic health records will be slowed “if patients do not have assurances that their personal medical information will always have comprehensive and meaningful security and privacy protections.”

Read the whole story HERE.