BreachExchange mailing list archives

Previous By Date Next
Previous By Thread Next

Arkansas breach due to terminated resident

From: security curmudgeon <jericho () attrition org>
Date: Thu, 29 Nov 2012 12:27:35 -0600 (CST)


---------- Forwarded message ----------
From: InfoSec News <alerts () infosecnews org>

http://www.clinical-innovation.com/topics/privacy-security/arkansas-breach-due-terminated-resident

By Beth Walsh
Clinical Innovation + Technology
Nov 27, 2012

The University of Arkansas for Medical Sciences (UAMS) is notifying 
approximately 1,500 patients of a medical records breach involving a 
resident physician who was terminated in 2010.

UAMS in Little Rock, Ark., recently discovered that a former resident kept 
some patient lists and notes regarding patients in violation of UAMS' 
policy after leaving facility on June 3, 2010. The documents the resident 
kept were from January 2010 to June 2010 and contained patient names, 
partial addresses, medical record numbers, dates of birth, ages, locations 
of care, dates of service, diagnoses, medications, surgical and other 
procedure names, as well as lab results, according to a release. No social 
security, bank account or credit card numbers were included with this 
information.

UAMS said its HIPAA Office became aware of this incident Oct. 9 when the 
resident produced the documents during her lawsuit against UAMS regarding 
her termination from the residency program. On Nov. 7, UAMS became aware 
that additional documents the resident kept had been provided to UAMS 
attorneys June 25. The records are now protected by a court order, which 
prevents them from becoming a public record and will prevent anyone from 
further using or disclosing the documents.

[...]
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
Risk Based Security equips organizations with security intelligence, risk
management services and on-demand security solutions to establish
customized risk-based programs to address information security and
compliance challenges. 

Tenable Network Security (http://www.tenable.com/)
Tenable Network Security provides a suite of solutions which unify real-time
vulnerability, event and compliance monitoring into a single, role-based, interface
for administrators, auditors and risk managers to evaluate, communicate and
report needed information for effective decision making and systems management.
Previous By Date Next
Previous By Thread Next

Current thread: