Medical record

Florida Hospital Employees compromise Patient PHI

March 21st, 2015

Two employees are terminated allegedly for printing documents which contained patients’ information. According to the Florida hospital, it was outside their normal job routines.  The affected count is 9000 patients. The employees printed patient facesheets, which are summary cover sheet to a patient’s medical record.

The affected information includes patients’ names, addresses, Social Security numbers, phone numbers, emergency contact information, health insurance information and certain health information such as physician names and diagnoses.

The incident affected below hospitals:

  • Florida Hospital Orlando
  • Florida Hospital Altamonte
  • Florida Hospital Apopka
  • Florida Hospital East Orlando
  • Florida Hospital Kissimmee
  • Celebration Health
  • Winter Park Memorial Hospital
  • Walt Disney Pavilion at Florida Hospital for Children

“This incident should not be a reflection of the collective workforce at Florida Hospital, who work tirelessly to provide the highest quality of care and protect patients’ rights,” Florida Hospital spokeswoman Samantha Kearns O’Lenick told the news source.

Florida hospital mentioned that till now there is no evidence of information being misused. Hospital has set up a dedicated call center to answer individual’s questions or concerns.

“We deeply apologize for the inconvenience this may cause our patients,” the statement read. “Rest assured, we investigated the matter internally and have taken measures to ensure this type of incident does not occur again by continuing to enhance security safeguards and reinforcing education with our staff on the importance of handling patient information.”

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Brigham and Woman’s Hospital suffered data breach

November 24th, 2014

Brigham and Woman’s Hospital (BWH) laptop was stolen which may have exposed Protected Health Information (PHI) of certain individuals. An armed robbery off hospital ground led to stealing of BWH physician’s laptop and cell phone. According to the reports, physician was forced by the robbers to reveal pass codes and encryption keys.

“Possession of the pass codes/encryption keys along with the devices themselves could provide an individual the ability to view information stored on the laptop or cell phone,” BWH said. “The theft was immediately reported to the Boston Police Department.”

The hospital is unaware of the devices and the status of information access by the robbers is unknown. The devices include information about patients receiving treatment at BWH’s Neurology and Neurosurgery programs. The affected patients count stands at 999 for breached information which includes Patient names, medical record number, age, medications, and information about diagnosis and treatment. Social Security numbers or other financial information was not present on the devices.

“Upon learning of this theft, BWH initiated a thorough investigation, including the creation of a multidisciplinary workgroup to respond to this incident,” the statement said. “BWH is currently reviewing related policies and procedures in an effort to determine if there are steps that BWH can take that may decrease the likelihood of reoccurrence of this type of incident in the future.”

The hospital started sending letters to potentially affected patients asking them to report any illegal activity.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Bon Secours suffers data breach due to former employee

November 17th, 2014

Employee’s access to patient’s PHI leads can lead to unauthorized activity. Hence, companies are generally advised to monitor the system. The recent incident involves, Bon Secours Kentucky Health System where former employee had accessed PHI information from the system. The total number of affected patients stands at 700. According to the reports, the affected data includes names, dates of birth and the last four digits of their Social Security number.

For few patients, there is wider breach which includes names, dates of service, provider and facility names, patient account numbers (which may have included Social Security numbers), dates of birth, and treatment information, such as diagnosis. Bon Secours found that a user ID and password assigned to a former employee had been used to access information in the Athena health system

“Due to the nature of the access, and out of an abundance of caution to protect our patients, we approached law enforcement, specifically the Secret Service, to assist us with our investigation,” the statement read. “The Secret Service asked Bon Secours to delay notifying patients until their investigation was complete so as not to compromise their investigation.”

Bon Secours notified the affected patients by mail about the breach and one year of free credit monitoring and identity protection services is initiated.

“We are deeply sorry that this occurred,” the statement read. “In response to this matter, we are working with our vendor, Athena, to ensure that all user IDs and passwords to their system are properly and permanently disabled when Bon Secours determines that an employee should no longer have access to information in the Athena system.”

Alertsec strengthens security
Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

St. Joseph Health’s patients’ data stolen

June 10th, 2014

Password 'fido' ...item 3b.. Five Characters i...

St. Joseph recently took over Regional Medical Group’s imaging center and recent data breach shows example of what can happen after transition. Total of 33,702 patients were affected by this breach. A thumb drive was stolen from employee’s locker which was not locked during the incident. Information related to Encryption status of the thumb drive was not availale.

Affected data due to breach includes patient names, gender, medical record numbers, date of birth, date and time of service and X-ray details. Affected patients were treated with X-ray services. The data was restricted to X-rays only. No other imaging exams — such as mammograms or MRIs — were included on the drive.

The stolen thumb drive did not contain information on specific illness or patient diagnoses nor did it include any patient financial information, including insurance data or Social Security numbers.

“We take our obligation to protect our patients’ privacy very seriously,” said Todd Salnas, president of St. Joseph Health in Sonoma County, to the Democrat. “We apologize to those patients affected and have already implemented a number of security measures and other protocols so that this doesn’t happen again.”

Salnas also added that St. Joseph would be putting new procedures in place to boost physical security, such as using new security personnel, improving employee awareness and implementing a new alarm system.

“We are in the process of standardizing the records from Redwood Regional Medical Group to St. Joseph,” said Salnas. “Not only the data but procedures and policies, which we’re still in the process of completing.”

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

University of Miami Health System patients notified about lost records

February 10th, 2014

 

The University of Miami Health System (UHealth) one of Southern Florida’s largest health providers has lost patient records containing protected health information (PHI). It had recently begun to notify about the incident to the patients.

Information on the file contained patient names, dates of birth, physician’s name, insurance company name, medical record name, visited facility, visit number, procedures, diagnostic codes, and Social Security numbers. Uhealth didn’t disclose the number of patients affected.

“Medical records are not at risk, but in an abundance of caution, the University is notifying all individuals whose information was included in the missing records,” a written statement by the Health System mentioned.

In July, an off-site storage vendor was contacted by the Department of Otolaryngology to locate the records but was unable to find it. After confirmation they notified about the lost records. Uhealth is offering credit monitoring services for all the affected patients. It further added as patients were notified after six months of the incident, it is unlikely of misuse in coming days.

Theo Karantsalis, whose son was treated by the department said, “The one thing we expect is that your patient records are going to be kept confidential.”

According to Uhealth’s Statement it will report the incident to HHS. Below is complete excerpt of the report:

“The University of Miami Health System (UHealth) is committed to providing our patients the best possible care and to protecting the confidentiality of our patients’ health information. On June 27, 2013, the Department of Otolaryngology, while attempting to retrieve records stored at an offsite storage vendor, was notified that the vendor was unable to locate the records. After an exhaustive search, it was confirmed on August 28, 2013, that the records were not in the possession of the University or the storage vendor.

Everything we’re giving out is on the release

These records consisted of billing vouchers (documents used for internal billing purposes). Vouchers contain the name, date of birth, social security numbers, physician name, facility, insurance company name, medical record number, visit number, procedure and diagnosis codes for the patient’s visit. Vouchers are documents used for internal billing purposes ONLY. Medical records are not at risk.

At this time, there is no indication that the information has been misused in any way.

In an abundance of caution, the University is notifying all individuals whose information was included in the missing records. The University also is offering potentially affected patients complimentary credit monitoring protection and has established a website to serve as a primary source of information, as well as a toll-free number for additional questions.

Only patients who were seen at the Department of Otolaryngology may potentially be affected by the incident. Potentially affected patients will receive a notification letter.

University computer systems are completely unaffected by this incident. All patient information remains current and available on these systems.

At the University of Miami Health System, we take the privacy and security of our patients’ information very seriously. We continue to review and refine our physical and electronic safeguards to enhance protection of all patient data. We are committed to protecting all information entrusted to us, and pursuant to the Federal HITECH Breach Notification Rule, we will report this incident to the U.S. Department of Health and Human Services.

Available around the clock, the University’s incident website is http://entincident.med.miami.edu. The toll-free incident line, 866-274-4371, is available from 9 a.m. to 9 p.m. EST Monday through Friday and from 11 a.m. to 8 p.m. EST Saturday and Sunday until April 30, 2014.”

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Enhanced by Zemanta

Saint Francis Hospital Patient Data Breach

January 30th, 2014

Saint Francis Hospital Patients data were stolen from independent contractor physician car in New Haven, Conn.  Vanapalli is an independent contractor physician who works in the Emergency Department at Saint Francis. There are many questions related to unsecured data presence in the car. Saint Francis Hospital and Medical Center notified patients about the breach quicker than many other organizations.

Information included patient names, dates of birth and medical record numbers. It didn’t contain information like Social Security numbers, financial information or addresses.

It shows how organizations need to keep electronic health records, as well as the risks associated with paper copies of records. The incident reinforces the need for electronic health records (EHRs). But also it shows importance of safe guard measures like encryption of laptops, desktops and policy enforcement for better security.

Saint Francis has mentioned that they have implemented internal information safeguards. Credit monitoring for the 858 patients will be provided for two years. It said it will plan to improve physical safeguards. One of the steps includes preventing physicians, especially those who are contracted, from possessing physical records and transport them. So considering incidents like this EHR systems do have certain privacy and security benefits.

Saint Francis said the breach was a violation of policy. It said they didn’t receive any information to related data misuse. John Rodis, M.D., executive vice president and chief operating officer and chief physician executive, said “Our goal has always been to help ensure adequate safeguards are in place to protect our patients’ confidentiality. Education of our staff has already been completed and we are evaluating other opportunities to strengthen our compliance program.”

Alertsec strengthens security

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Enhanced by Zemanta

Records stolen from CaroMont employee’s car

January 21st, 2014

CaroMont Regional Medical Center’s census report paper records for 191 patients were stolen from an employee’s car in Dallas. The information was reportedly stolen from the   employee’s car during a stoppage on the way to the office. Employee notified Dallas Police Department about the theft.

Employees have been known to take patient information out but certain steps are required to be followed to protect the information according to CaroMont spokeswoman Dallas Paddon.

Patient names, dates of birth, medical record number, and the reason for the hospital visits were the information present on the report. The census report was single printed document. CaraMount notified the affected patients. They are advised to monitor their credit and contact Experian, Trans Union, and Equifax because of possible financial information misuse. CaraMount didn’t mention the reason behind it.

Donnetta Horseman, CaroMont’s corporate responsibility officer, issued a statement about the theft Wednesday, “Upon learning of the unauthorized disclosure, we conducted a thorough investigation with the staff person and appropriate disciplinary actions were taken.”

The staff member has been disciplined and staff is being reeducated on patient information disclosure and CaroMont’s Notice of Privacy Practices as per CaraMount. But it was not made clear why the employee had the report in his or her car.

Previous year information from 1,310 patients with CaroMont Medical Group was sent through an unsecured email.  Email included information names, addresses, phone numbers, dates of birth, dates of service, medical record number, diagnonses, medication, and insurance company names, as well as two patients’ Medicare numbers.

Around 80% of information theft is due to lost or stolen laptops and other storage equipment. With the critical information at stake, many companies also use encrypted laptops/computers for storing records which is also stored in binder. With the misplaced or stolen laptops same as paper record can cause serious security concerns. To secure records or computers related stringent procedures should be followed.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Enhanced by Zemanta