Martin Memorial has completed an internal investigation regarding a patient privacy breach that occurred Feb. 3 at Martin Memorial Medical Center.
via Martin Memorial statement regarding conclusion of patient privacy breach investigation » TCPalm.com.
OCR posted on its Web site a list of covered entities this week that have reported breaches of unsecured PHI affecting more than 500 individuals, fulfilling its obligation under HITECH.
The HHS organization, which oversees enforcement and compliance of the HIPAA privacy and security rules, reports that since September 22, 2009, 32 covered entities have reported breaches that affected at least 500 individuals.
via 32 Large Patient Data Breaches Since September, Says OCR.
University Medical Center officials said Monday that personal information of traffic accident victims was likely leaked from its trauma center for more than three months, and stopped only after the Las Vegas Sun told the hospital about the breach.
via UMC admits to prolonged patient privacy leak – Tuesday, Jan. 26, 2010 | 2 a.m. – Las Vegas Sun.
Retailers and caterers have just six months to replace old systems if they are to continue to use wireless card payment technology. The industry payment security body might revoke the right to process cards for companies that do not upgrade their technology.
The Payment Card Industry (PCI)'s Data Security Standard (DSS) is the set of technical requirements which must be met by retailers who want to process cards.
It was changed in 2008 to ban the use of Wired Equivalent Privacy (WEP) technology in the transmission of card details from mobile card terminals to the main part of a system.
via Companies have just months to replace old wireless payments systems | Pinsent Masons LLP.
HHS intends to hire a contractor to demonstrate either the “ability or inability” to re-identify data from a data set that has been de-identified under the Health Information Portability and Accountability Act (HIPAA) Privacy Rule
via HHS wants contractor to test privacy of ‘anonymous’ data — Federal Computer Week.
Compliance, along with security and privacy, is a big topic when firms consider cloud services. I recently did a Forrester Webinar on the topic of compliance for cloud computing. You can access the recording here: http://www.forrester.com/cloudsecuritywebinar. This blog entry is a recap of the Webinar.
via The Forrester Blog For Security & Risk Professionals.
The Health Insurance Portability and Accountability Act, known as HIPAA, took effect in April 2003, and through October, the Health and Human Services Department had fielded 47,632 allegations of patient privacy violations. Of those, 9,501 were found to be valid.
And how many criminal prosecutions occurred? The department did not answer that question for the Sun, but some experts put the number as low as five. Others say it is fewer than 20. Most were connected to another crime, usually identity theft — such as the case of a Washington man who worked at a cancer-treatment center. He pleaded guilty in 2004 to stealing patient information to obtain credit cards.
The Health Insurance Portability and Accountability Act (HIPAA) allows CVS Caremark access to information on patients covered by its pharmacy benefit manager for administering claims and other limited purposes. Company letters collected by NCPA document CVS Caremark tapping into personal medical histories for marketing purposes, such as to urge patients to switch an existing prescription from their independent community pharmacy to a CVS retail or Caremark mail order pharmacy. A redacted example letter can be found here
The FBI said Friday it may investigate a breach of patient privacy laws at University Medical Center, where hospital officials are reeling with the realization that at least one of their employees has leaked confidential names, birth dates and Social Security numbers.
via FBI looking at UMC records leak – Saturday, Nov. 21, 2009 | 2 a.m. – Las Vegas Sun.
