Illegal Dumping of Medical Records Exposes PHI of Ohio Drug Rehab Clinic Patients
Illegal Dumping Medical Files Uncovered Another case of illegal dumping of medical records has been reported, this time involving a Utah drug and rehabilitation clinic, Positive Adjustments. The company went out of business approximately 6 months ago; however medical records were discovered in a dumpster outside the abandoned clinic – at 4548 South Atherton, Taylorsville, by a contractor employed by Dr. Scott Cold, DDS on Friday last week. Dr. Cold confirmed to Fox News that the files contained complete patient records, including patient names, contact information, Social Security numbers and treatment data, in addition to confidential court documents. Medical Records Dumped in Public View When Dr. Cold’s contractor turned up for work on Friday, August 7, the medical records were noticed in the physician’s dumpster, which was open, with the files in clear view of anyone passing close by. The matter was brought to the attention of Dr. Cold who was aware of HIPAA Rules covering Protected Health Information (PHI), and notified law enforcement; however, the records could just as easily...
Prima Care Discovers Improper Dumping of PHI: 1,651 Patients Affected
This week another case of improper dumping of PHI has been discovered, with an employee of a New England healthcare provider allegedly dumping files that were no longer needed. Employees are the Weakest Link Healthcare employees are the weakest link in security defenses. Being human, they are prone to make errors from time to time. A mistyped email address can be all it takes to expose thousands of patient health records, as has occurred on numerous occasions already this year. Improper Dumping of PHI Discovered However this week, a (now former) employee of a healthcare provider has exposed patient records in a rather atypical way. The individual in question was an employee of Prima CARE, P.C, a healthcare provider based in New England. That individual breached HIPAA and hospital rules by maintaining patient records without the knowledge of his or her employer, and apparently dumped the files when they were no longer required. Prima CARE was alerted to the breach when binders containing a wide variety of patient data was discovered in some bushes off Jefferson Street...
Urology Associates Reports 6500-Record Data Breach
Offsite storage of paper medical records may be convenient if facility space is limited; but the decision to store records offsite may prove to be a costly, as Kailspell-based healthcare provider, Urology Associates recently discovered. The company had taken advantage of a local storage facility and rented a unit to store boxes of old medical records. Unfortunately, the facility was recently burgled. Storage Units are a Risky Place to Keep Sensitive Medical Records Storage units are frequently burgled. The units are secured with locks; but in many cases, all that is required to access the contents is a set of heavy duty bolt cutters. Thieves have realized there are easy pickings to be had from storage units, and law enforcement has had to deal with a spate of storage unit break-ins recently. The problem is not limited to Kalispell; it is a countrywide problem. Records Potentially Accessed, but not Stolen Medical records are extremely valuable. Complete sets of data can fetch in the region of $60 on the black market. Clean records, such as those of children, can be...
Hospital Drug Pump Hacking Risk Discovered
In addition to having to deal with the threat to electronic health records from hackers, hospitals must also be wary of attacks on their medical devices; as evidenced by a new Food and Drug Administration (FDA) warning over a drug pump hacking risk that exists with Hospira’s Symbiq drug pump. Symbiq Drug Pump Hacking Risk Warning Issued by FDA Only a few days ago, two hackers discovered it was possible to hack into the onboard computers of Fiat Chrysler automobiles and take control of the vehicle; now patient’s plugged into the Symbiq drug pump could potentially be at the mercy of malicious hackers. Such is the severity of the Symbiq drug pump hacking risk, on Friday last week the FDA issued a warning to all hospitals using the device, instructing them to retire the devices and make the transition to other, more secure drug infusion pumps. In the meantime the FDA recommended that healthcare providers should “disconnect the pumps from their networks and update their drug libraries manually.” Since the vulnerability can be exploited via unused ports on the devices, the FDA...
New Basic Guide to HIPAA Compliance Released By HHS
The Department of Health and Human Services’ Office for Civil Rights has recently issued a basic guide to HIPAA compliance; a summary of HIPAA Rules for covered entities. A Basic Guide to HIPAA Compliance The Health Insurance Portability and Accountability Act (HIPAA) places a number of requirements on healthcare providers, health plans, healthcare clearinghouses, and Business Associates of HIPAA-covered entities, to safeguard data, protect the privacy of patients, and notify them of incidents that expose their Protected Health Information (PHI). HIPAA legislation is complicated, and many covered entities, especially smaller healthcare providers, struggle to understand the HIPAA Privacy, Security, and Breach Notification Rules, and turn those rules into policies into procedures. The Department of Health and Human Services’ Office for Civil Rights is the enforcer of HIPAA Rules, and while the agency investigates data breaches, it is also charged with improving understanding of data privacy and security legislation. One way it achieves this objective is by issuing guidance to help...



