Monthly Archives: November 2009

PCI Human Train Wreck Coming Next Year For Level 2s

Many Level 2 merchants are just now realizing that their PCI world has changed. Under rules announced this summer, Level 2 MasterCard merchants—like their Level 1 brethren—will require an onsite assessment by a QSA starting in 2010.

via StorefrontBacktalk » Blog Archive » PCI Human Train Wreck Coming Next Year For Level 2s.

Restaurants file lawsuit against payment terminal vendor after customers have identities stolen – SC Magazine UK

A group of US restaurants have filed a class action lawsuit against a point of sale vendor after customers had their identities stolen after using uncompliant terminals.

According to a report on Finextra, seven restaurants in Louisiana and Mississippi are seeking millions of dollars in damages from vendor Radiant and its distributor Computer World after hundreds of their customers had their identities stolen as a result of payments terminals that were not PCI DSS compliant.

via Restaurants file lawsuit against payment terminal vendor after customers have identities stolen – SC Magazine UK.

Sixteen fired at Ben Taub Hospital over alleged patient’s privacy violations – 11/25/09 – Houston News – abc13.com

Eyewitness News has learned that 16 employees of the Harris County Hospital District – most of whom worked at Ben Taub General Hospital – were fired last week for allegedly looking through patients’ confidential medical information.

via Sixteen fired at Ben Taub Hospital over alleged patient’s privacy violations – 11/25/09 – Houston News – abc13.com.

Pharmacists and Consumer, Privacy Advocates Urge Feds to Investigate CVS Caremark for Alleged HIPAA Violations

The Health Insurance Portability and Accountability Act (HIPAA) allows CVS Caremark access to information on patients covered by its pharmacy benefit manager for administering claims and other limited purposes. Company letters collected by NCPA document CVS Caremark tapping into personal medical histories for marketing purposes, such as to urge patients to switch an existing prescription from their independent community pharmacy to a CVS retail or Caremark mail order pharmacy. A redacted example letter can be found here.

via Pharmacists and Consumer, Privacy Advocates Urge Feds to Investigate CVS Caremark for Alleged HIPAA Violations.

Health Information Technology (HIT) HIPPA Security Rule Self Assessment Toolkit – Federal Business Opportunities: Opportunities

The National Institute of Standards and Technology wants industry help to develop a Web-based tool that would let users determine if they met the security requirements of the Health Insurance Portability and Accountability Act (HIPAA).

… The contractor shall gather requirements, design, develop, test, and integrate a software application for use as a web based application and for download for CSD customers to conduct a self assessment of their work environment against the security requirements of the HIPAA Security Rule.

via RECOVERY – Health Information Technology (HIT) HIPPA Security Rule Self Assessment Toolkit – Federal Business Opportunities: Opportunities.

UMC has patient privacy leak – has been selling patient data

Private information about accident victims treated at University Medical Center has apparently been leaking for months, the Sun has learned, allegedly so ambulance-chasing attorneys could mine for clients.

Sources say someone at UMC is selling a compilation of the hospital’s daily registration forms for accident patients. This is confidential information — including names, birth dates, Social Security numbers and injuries — that could also be used for identity theft.

via UMC has patient privacy leak – Friday, Nov. 20, 2009 | 2 a.m. – Las Vegas Sun.

Health Insurer Loses 1.5 Million Patient Records | Threat Level | Wired.com

A health insurer lost 1.5 million patient records last May but waited six months to disclose the incident.

The data, which was stored on a portable disk drive that disappeared from the insurer’s office, was unencrypted and included patient Social Security numbers, bank account numbers and health data, according to the Hartford Courant. The disk also contained personal information on at least 5,000 physicians.

via Health Insurer Loses 1.5 Million Patient Records | Threat Level | Wired.com.