[Dataloss] Data Breach at AR Hospital
Henry Brown
hbrown at knology.net
Wed Jul 2 15:11:35 UTC 2008
http://www.nwanews.com/adg/News/230290/
Baptist Health has sent letters warning about 1, 800 patients that the
hospital system’s records may have been breached, the Arkansas
Democrat-Gazette has learned.
The notification came after the arrest of a Baptist Health employee at a
Wal-Mart store on 25 counts of financial identity fraud.
[...]
An investigation continues, said Sgt. Terry Kuykendall, a spokesman for
the North Little Rock Police Department. The U. S. Secret Service is
helping with the investigation.
The June 24 letter from Baptist Health to patients stated: “Due to a
breach of our information systems security policies, there is a
possibility that some personal information, such as your name, address,
date of birth, Social Security number, and reason for coming to Baptist
Health, was accessed by an unauthorized person.” No information in the
patient’s “medical records” and no information about the patient’s
diagnosis or prognosis was accessed, the letter said.
But while no “medical record” information was accessed, the letter
mentioned the patient’s “reason for coming” to the system possibly was
accessed. Lowman said a reason stated by a patient using the system
isn’t considered medical information because the reason is a layman’s
explanation, not one from a medical professional.
He said the breach wouldn’t violate the Health Insurance Portability and
Accountability Act, or HIPAA.
But Pam Dixon, executive director of the San Diego-based World Privacy
Forum, a privacy advocacy group, thinks all the information mentioned in
the letter falls under HIPAA.
[...]
Several weeks passed before patients were notified by the letter.
Baptist Health sent the letter after it learned more of the scope of the
police investigation and audited what Hill had access to, according to
Lowman.
[...]
More information about the Dataloss
mailing list