Today I received notice that the Centers for Medicare & Medicaid Services (CMS) just issued a new publication, “Security Guidance for Remote Use‚Äù which is actually dated 12/28/2006.
“This document is intended to provide HIPAA covered entities with general information on the risks and possible mitigation strategies for remote use of Electronic Protected Health Information (EPHI).”
Government Health IT published an interesting report today, “Most privacy complaints are not investigated.”
From the article:
“The Department of Health and Human Services investigated less than 25 percent of 22,964 privacy complaints submitted to HHS‚Äô Office for Civil Rights (OCR) from April 2003 through September 2006”
The Longmont, CO Daily Times reported December 14 that a nurse’s laptop was stolen from her car whle she was parked at a restaurant, along with paper records containing personally identifiable information (PII): “students‚Äô names and dates of birth; the names of their schools and what grade they are in; the students‚Äô Medicaid numbers; and their parents‚Äô names.”
The Longmont, CO Daily Times reported December 14 that a nurse’s laptop was stolen from her car whle she was parked at a restaurant, along with paper records containing personally identifiable information (PII): “students‚Äô names and dates of birth; the names of their schools and what grade they are in; the students‚Äô Medicaid numbers; and their parents‚Äô names.”
On December 14 WCPO TV 9 News reported:
“A break-in in Springdale, Ohio is affecting thousands of people in Pennsylvania. The office of Electronic Registry Systems on Northland Boulevard was broken into Thanksgiving weekend and a computer was stolen. That computer had medical records on it for some 25,000 participants in a Pennsylvania health plan. Police don’t suspect I.D. theft. They say, in other recent cases, the thieves wiped the computer’s hard drive clean and then tried to re-sell it.”
It was reported December 15 that Boeing had the 3rd laptop stolen in just a little over a year.
The laptop was stolen from an employee’s car. PII included “names, home addresses, phone numbers, Social Security numbers and dates of birth for current and former Boeing employees.”
The Boston Globe reported Tuesday that “Ameriprise Financial Services Inc. will pay $25,000 to settle a probe of how one of its laptop computers went missing with the personal data of thousands of Massachusetts residents.”
An Ameriprise Financial Services laptop was stolen in 2005 that contained clear text personally identifiable information (PII) about over 200,000 individuals.
An incident recently occurred where a contractor for the State of Vermont accidentally posted the Social Security numbers for hundreds of healthcare workers within Vermont. The data existed on the web site for approximately one month before it was removed.
This demonstrates one of the multiple reasons why organizations must ensure the acceptable security practices of the business partners to whom they entrust sensitive information.
Today CNN reported personally identifiable information (PII), Social Security numbers, home addresses and birth dates, about 800,000 current and former UCLA students, faculty and staff may have been compromised.
Surprisingly, the unauthorized access reportedly was occurring from October, 2005 through November 21 of this year when the security staff finally noticed suspicious activity.
Last week was a busy one for data protection bills for the end of the 109th U.S. Congress. Prior to adjourning, they introduced at least six bills related to data protection.
Subscribe to this site's RSS feed. However over icon to see which services are supported.