In an effort to combat the exposure created by ever increasing electronification of health data, Patient Privacy Rights group sent a letter to the Office of Civil Rights to release a comprehensive guidance on cloud computing given that more and more health care entities are moving their health data to the “cloud”.
Here are round up of recent data breach announcements; Even Kaiser, considered by many as the darling of “paperless” health care, is under investigation for violating patient privacy. No corrective actions have been assessed but Kaiser should know better. The Hospice of North Idaho became the FIRST ever to settle and be FINED money ($50,000) for data breach violations under the HIPAA involving less than 500 patients. $140,000 fines were levied against a billing firm and four pathology practices in Massachusetts for HIPAA violations. Gibson General Hospital in Indiana announced a data breach involving 29,000 patients due to a stolen laptop. Louisiana State University’s health care services division notified more than 400 individuals in 12 states of data breach after an employee used their data to make counterfeit checks. Omnicell, provider of automated medication dispensing services, notified two healthcare systems that a loss of an Omnicell device containing 56,000 patient data has occurred. Kentucky Medicaid agency has notified more than 1,000 Medicaid patients of data breach due to a subcontractor falling for a scam that allowed inappropriate computer access. California Medi-Cal agency notified 2,600 Medi-Cal recipients that their Medi-Cal cards were mailed to wrong recipients due to a computer error.