University of Pittsburgh Medical Center Patients Warned of BA HIPAA Breach
A Business Associate (BA) of the University of Pittsburgh Medical Center has notified the healthcare provider, and numerous other clients, of a HIPAA breach caused by a rogue employee. The now former employee is alleged to have stolen the records of 2,259 patients. Medical Management LLC – a medical billing company – was notified by federal law enforcement agencies that a member of staff at the company was believed to have stolen and disclosed confidential data and that the incident was being investigated. The employee in question – who has not been named – was a worker in the company’s call center. That person has been accused of copying “personal information from the billing system” and disclosing the information to a third party. Social Security Numbers and Personally Identifiable Information Stolen Patients affected by the breach are being sent breach notification letters from today to alert them that their personal information has been obtained and disclosed. They have been advised that their names, dates of birth and Social Security numbers had been compromised. Breach...
NLRB Judge Rules HIPAA Violation not Grounds for Employment Termination
A National Labor Reform Board (NLRB) judge has ruled that the termination of an employee’s contact on the grounds of a clear HIPAA violation was not justified under the circumstances. The International Union of Operating Engineers (Charging Party or Union) alleged that Rocky Mountain Eye Center, P.C. had violated the National Labor Relations Act (NLRA) by terminating the employment of a worker, Britta Brown, on the grounds of a HIPAA violation. The employee had accessed protected records of co-workers to obtain contact information for a union-organizing campaign. In this case, the violation occurred because the organization in question was a medical practice and its patients included employees. The records needed to be legitimately accessed, but the employee used Centricity – Rocky Mountain Eye Center’s healthcare IT system – to obtain the information. When employee contact information is accessed, it is also possible for authorized users to access the Protected Health Information of those individuals. The National Labor Relations Act offers protections to employees, the...
Brown County Supervisors Meet to Discuss Potential HIPAA Privacy Violation
Supervisors from Brown County, Wis., are considering the position of the Chief Medical Examiner (CME), Jeff Jansen, after he has been accused of committing HIPAA privacy violations on multiple occasions, within 6-months of taking up the position. One incident in particular is at the center of the current discussion. The former CME – Al Klimek – is alleged to have participated in an email discussion with a local funeral director about the condition of a body, even though he had retired and had no legitimate access to that information. In the email, he made a reference to a blood sample and its location and also included information about organ donation. This information was allegedly shared using an insecure medium and the data constituted PHI. However, what is of more concern is how Klimek obtained that information. Jansen is seen as “a protégé of the former Medical Examiner”, according to the Green Bay Press Gazette, and he has been accused of divulging PHI and breaching HIPAA Rules, a claim he vehemently denies. His supporters have said the accusations represent a “witch...
Indiana State Medical Association HIPAA Breach Update
Details have emerged on the Indiana State Medical Association data breach reported in early March. The Indiana State Medical Association issued a media release in which it confirmed that a data breach was suffered in which approximately 39,000 individuals were exposed, after two back-up hard drives were stolen from an employee’s car. A report in the Star Press yesterday adds further detail to the story, suggesting the initial report was inaccurate and the breach was not reported promptly. The employee in question has also been disclosed as being the ISMA Information Technology Administrator. The employee parked his car in a lot for a period of two and a half hours, and during that time a thief broke into the vehicle and stole two computer back up hard drives containing 39,090 medical records. The hard drives are understood to have been left in plain sight inside the vehicle. The employee did not report the theft until more than 24 hours later. The theft report was filed at 7 pm on February 14. The administrator called law enforcement to report the theft and officers were dispatched...
Cost of Data Breaches to Hit $2.1 Trillion by 2019
Juniper Research has released a new report suggesting the cost of data breaches will hit $2.1 trillion by 2019 as a result of the increase in cybercrime and the sheer scale of data that will be recorded on consumers’ lives. The Future of Cyber Crime & Security The new report – The Future of Cybercrime & Security: Financial & Corporate Threats & Mitigation – offers an in depth analysis of the current digital security landscape and the threats now being faced, and creates a roadmap for the evolution of connected devices to predict the effect that data breaches will have over the course of the next four years. While security of the Internet of Things is getting a lot of attention at present, Juniper Research calculates the actual risk of data exposure to be minimal, certainly over the next four years. The real threat, and where the majority of data breaches will occur, is the current IT infrastructure according to Juniper. Network servers, laptop computers and other endpoints will continue to be the major locations of breaches. The report suggests that the...



