BreachExchange mailing list archives

Previous By Date Next
Previous By Thread Next

Data Breach at AR Hospital

From: Henry Brown <hbrown () knology net>
Date: Wed, 02 Jul 2008 10:11:35 -0500
http://www.nwanews.com/adg/News/230290/

Baptist Health has sent letters warning about 1, 800 patients that the 
hospital system’s records may have been breached, the Arkansas 
Democrat-Gazette has learned.

The notification came after the arrest of a Baptist Health employee at a 
Wal-Mart store on 25 counts of financial identity fraud.

[...]

An investigation continues, said Sgt. Terry Kuykendall, a spokesman for 
the North Little Rock Police Department. The U. S. Secret Service is 
helping with the investigation.

The June 24 letter from Baptist Health to patients stated: “Due to a 
breach of our information systems security policies, there is a 
possibility that some personal information, such as your name, address, 
date of birth, Social Security number, and reason for coming to Baptist 
Health, was accessed by an unauthorized person.” No information in the 
patient’s “medical records” and no information about the patient’s 
diagnosis or prognosis was accessed, the letter said.

But while no “medical record” information was accessed, the letter 
mentioned the patient’s “reason for coming” to the system possibly was 
accessed. Lowman said a reason stated by a patient using the system 
isn’t considered medical information because the reason is a layman’s 
explanation, not one from a medical professional.

He said the breach wouldn’t violate the Health Insurance Portability and 
Accountability Act, or HIPAA.

But Pam Dixon, executive director of the San Diego-based World Privacy 
Forum, a privacy advocacy group, thinks all the information mentioned in 
the letter falls under HIPAA.

[...]

Several weeks passed before patients were notified by the letter. 
Baptist Health sent the letter after it learned more of the scope of the 
police investigation and audited what Hill had access to, according to 
Lowman.

[...]


_______________________________________________
Dataloss Mailing List (dataloss () attrition org)
http://attrition.org/dataloss

Tenable Network Security offers data leakage and compliance monitoring
solutions for large and small networks. Scan your network and monitor your
traffic to find the data needing protection before it leaks out!
http://www.tenablesecurity.com/products/compliance.shtml
Previous By Date Next
Previous By Thread Next

Current thread: