Data Privacy News / Alerts

 


 - - News Alert  - -

“Surpassing financial data, authentication credentials are now the hot item on the black market.”

 

- SC Magazine July, 2010


June 10, 2010 

Five hospitals were fined a collective total of $675,000 for failing to prevent unauthorized access to confidential patient medical files.

  • Community Hospital of San Bernardino was issued two fines: $250,000 after an employee wrongly accessed 204 patient records and $75,000 for an employee who accessed three records.
  • Enloe Medical Center in Chico was fined $130,000 after a patient's information was wrongfully accessed by 7 employees.
  • Rideout Memorial Hospital in Marysville was fined $100,000 after 17 employees unlawfully accessed the files of 33 patients.
  • Ronald Reagan UCLA Medical Center in Los Angeles and San Joaquin Community Hospital in Bakersfield were also penalized.

June 1, 2010
 
Red Flags Compliance extended once again - this time to December 31, 2010

 * See Red Flags Compliance Section

 


March 9, 2010

LifeLock Will Pay $12 Million to Settle Charges by the FTC and 35 States That Identity Theft Prevention and Data Security Claims Were False

 Read the FTC Report

 


January, 2010


CVS Fined $2.25 Million for Careless Handling of Paper Records

  • Must submit to outside audit every 2 years
  • Ordered to provide employee training on privacy records

 

On June 24, 2009, the FTC issued a final consent order stating that the CVS/Caremark Pharmacy chain violated privacy information laws as well as numerous HIPAA regulations when it carelessly handled paper records containing sensitive customer and employee information.

 

"This is a case that will restore appropriate privacy protections to tens of millions of people across the country," said FTC chairman William Kovacic following the settlement. "It also sends a strong message to other organizations that possess consumers' protected personal information. They are required to secure consumers' private information."

 

Under the order, CVS must:

  • Be audited every two years for the next 20 years by a qualified, independent, third-party professional.
  • Develop a new training program to instruct employees on how to handle sensitive patient data.

 

Investigations into the breaches followed media reports from around the country that CVS pharmacies were throwing trash containing all sorts of personal information, including patient records, credit card information, employment applications, and account data, into open dumpsters.

 

The FTC's complaint charges that CVS/Caremark did not implement reasonable policies and procedures to dispose securely of personal information, did not adequately train employees, did not use reasonable measures to assess compliance with its policies and procedures for disposing of personal information, and did not employ a reasonable process for discovering and remedying risks to personal information.

 

 

 

 



 

May, 2009 - LifeLock, Debix and similar ID-theft protection companies are no longer allowed to place fraud alerts on your behalf.


- Contact Us

 So we can help you, your employees, and your customers place a fraud alert on their credit file 

call: 805-230-2545   or    e-mail: JMCGroup@roadrunner.com 


 

HEALTHCARE PRIVACY - News

California Dept of Public Health Imposes $250,000 Sanction

 

May, 2009, Los Angeles -  California regulators today imposed the first monetary fines under the new patient privacy law that went into effect in January of this year. 

 Kaiser Permanente's Bellflower hospital was hit with the maximum penalty allowed, $250,000, for failing to prevent unauthorized employees from accessing medical records of a patient.

Contact Us about Preventing Medical Record Breaches at your Facility  -  JMCGroup@Roadrunner.com / 805-230-2545



 

News - Texas Attorney General charges company for dumping privacy data papers in trash bins

 

The office of Texas Attorney General Greg Abbott charged Treatment Associates of Victoria Inc. with unlawfully dumping bulk client records into unsecured trash bins in violation of Texas' ID Theft Enforcement and Protection Act.  The company is facing penalties of up to $50,000 per violation along with civil penalties of $500 for each abandoned paper record.
 


 

 

     Lose The Data . . . Go To Jail

 

That's what authorities in the UK declared as they approved legislation to make it a crime to negligently handle personal data records - both paper and electronic.  A proposed amendment to the EU's Data Protection Act would boost data breach prevention efforts by giving a wake-up call to businesses, organizations, and any person that processes personal data.  - 'lose the data . . . lose your liberties'    Read the full story


  

 

  • California's Breach Notification Law amended to include "medical information" and "health insurance information". AB 1298 becomes law

California's groundbreaking Breach Notification Law, which went into effect in 2003 and has been copied by states and governments worldwide, was amended and now includes medical information and health insurance information as additional elements of protected personal data.

California's Civil Code Sections 1798.29 & 1798.82 now define "medical information" as: any information regarding an individual's medical history, mental or physical condition, or medical treatment or diagnosis by a health care professional, and "health insurance information" as: an individual's health insurance policy number or subscriber identification number, any unique identifier used by a health insurer to identify the individual, or any information in an individual's application and claims history, including any appeals records.



Latest Privacy Survey indicates:

  • Average business cost for a single data breach = $6.3 million  
    (up 31 percent from '06; and 90 percent since '05)
  • Average business cost per lost privacy data record = $197.00 - EACH!

- Baselinemag.com, November, 2007

 

*Privacy Alert - TJ Maxx reports data breach costs exceed $256 Million!
 


Please See The Legal Risks & Laws Page

 



News -

According to privacy experts, 'ineffective prevention programs and careless handling procedures will be the cause of 80% - 90% of workplace data breaches and identity thefts by 2010'.
- IT Pro News 

 

 