BreachExchange mailing list archives
Data Breach at AR Hospital
From: Henry Brown <hbrown () knology net>
Date: Wed, 02 Jul 2008 10:11:35 -0500
http://www.nwanews.com/adg/News/230290/ Baptist Health has sent letters warning about 1, 800 patients that the hospital system’s records may have been breached, the Arkansas Democrat-Gazette has learned. The notification came after the arrest of a Baptist Health employee at a Wal-Mart store on 25 counts of financial identity fraud. [...] An investigation continues, said Sgt. Terry Kuykendall, a spokesman for the North Little Rock Police Department. The U. S. Secret Service is helping with the investigation. The June 24 letter from Baptist Health to patients stated: “Due to a breach of our information systems security policies, there is a possibility that some personal information, such as your name, address, date of birth, Social Security number, and reason for coming to Baptist Health, was accessed by an unauthorized person.” No information in the patient’s “medical records” and no information about the patient’s diagnosis or prognosis was accessed, the letter said. But while no “medical record” information was accessed, the letter mentioned the patient’s “reason for coming” to the system possibly was accessed. Lowman said a reason stated by a patient using the system isn’t considered medical information because the reason is a layman’s explanation, not one from a medical professional. He said the breach wouldn’t violate the Health Insurance Portability and Accountability Act, or HIPAA. But Pam Dixon, executive director of the San Diego-based World Privacy Forum, a privacy advocacy group, thinks all the information mentioned in the letter falls under HIPAA. [...] Several weeks passed before patients were notified by the letter. Baptist Health sent the letter after it learned more of the scope of the police investigation and audited what Hill had access to, according to Lowman. [...] _______________________________________________ Dataloss Mailing List (dataloss () attrition org) http://attrition.org/dataloss Tenable Network Security offers data leakage and compliance monitoring solutions for large and small networks. Scan your network and monitor your traffic to find the data needing protection before it leaks out! http://www.tenablesecurity.com/products/compliance.shtml
Current thread:
- Data Breach at AR Hospital Henry Brown (Jul 02)