A privacy breach of diagnostic images and personal information on 500 patients was reported by a Canadian hospital.
The breach was the result of a staff physician sharing his username and password with a physician not affiliated with the hospital. While physicians often share information with others in the course of providing care, there are regulations that must be complied with to protect patient confidentiality. In this case, it seems the regulations were not followed, and the Information and Privacy Commission of Ontario is investigating.
"The privacy breach was discovered in early April and it took multiple gymnastics from an IT perspective to be able to come up with a list and determine to what extent and when it began."
- Andree Robichaud, CEO Thunder Bay Regional Health Sciences Centre

The hospital CEO noted that "multiple gymnastics from an IT perspective" were needed to determine when the breach began and its extent. IT gymnastics can be eliminated by using Identity and Access Intelligence (IAI) SaaS analytics services.
Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.

Sources:
(a) Hospital Apologizes for Data Breach - www.seclists.org, 05/28/2013
Florida's E-FORCE program was "to encourage safer prescribing of controlled substances and to reduce drug abuse and diversion within the state" but, as some feared, it has put private health data at risk.
Prime Healthcare Services has agreed to pay $275,000 to settle a federal case alleging violation of patient privacy by the CEO of the Shasta Regional Medical Center (owned by Prime).
A drug bust recovered personal information on 4,500 Sutter Health patients; patients' names, Social Security numbers, birthdates, genders, addresses, zip codes, marital status, employer names, and home/work phone numbers may have been exposed.
