Two Separate Healthcare Data Breaches Expose Patients’ PHI

November 6th, 2015 by admin Leave a reply »

A California healthcare organization suffered two separate healthcare data breaches.

First Data Breach

Incident happened when some small glass laboratory slides and paper records were disposed of in a way that did not conform to Huntington Medical Research Institutes (HMRI) policies.

Affected information includes patient names, dates of birth, clinical information such as diagnosis, treatment, tissue sources, specimen information, specific tests ordered, and referring physician information. Some billing information may also have been included. However, Social Security numbers and financial information were not included in the slides and paper records.

HMRI is diligently following up on this incident and taking reasonable actions to prevent similar incidents in the future,HMRI explained in a statement on its website, adding that there is no reason for patients to take any action. Among other actions, HMRI is reinforcing the training of staff who have access to patient health information, and strengthening data security.

Second Data Breach

The second healthcare data breach was reported after former HMRI employee potentially took some ePHI.

Affected information includes patient names, some demographic information such as date of birth, clinical information such as diagnosis, treatment, tissue specimen source, other specimen information,  and specific tests ordered were all included. Moreover, referring physician information and some billing information were also potentially exposed.

HMRI statement mentioned that there is no action that patients need to take, and that it once again plans to reinforce staff training for employees to have access to PHI and also strengthen the facilitys data security.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken the necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.


Leave a Reply