Arkansas breach due to terminated resident

[InfoSec News <alerts () infosecnews org>]

http://www.clinical-innovation.com/topics/privacy-security/arkansas-breach-due-terminated-resident

By Beth Walsh
Clinical Innovation + Technology
Nov 27, 2012

The University of Arkansas for Medical Sciences (UAMS) is notifying 
approximately 1,500 patients of a medical records breach involving a 
resident physician who was terminated in 2010.

UAMS in Little Rock, Ark., recently discovered that a former resident 
kept some patient lists and notes regarding patients in violation of 
UAMS' policy after leaving facility on June 3, 2010. The documents the 
resident kept were from January 2010 to June 2010 and contained patient 
names, partial addresses, medical record numbers, dates of birth, ages, 
locations of care, dates of service, diagnoses, medications, surgical 
and other procedure names, as well as lab results, according to a 
release. No social security, bank account or credit card numbers were 
included with this information.

UAMS said its HIPAA Office became aware of this incident Oct. 9 when the 
resident produced the documents during her lawsuit against UAMS 
regarding her termination from the residency program. On Nov. 7, UAMS 
became aware that additional documents the resident kept had been 
provided to UAMS attorneys June 25. The records are now protected by a 
court order, which prevents them from becoming a public record and will 
prevent anyone from further using or disclosing the documents.

[...]


______________________________________________
Visit the InfoSec News Security Bookstore
Best Selling Security Books and More!
http://www.shopinfosecnews.org