E-CommerceALERT.com is part of the Bennett Gold LLP web site network.

Research and retrieval of news articles by:
Bennett Gold LLP, Chartered Professional Accountants

Effective December 31 2012, articles are no longer being updated on this web site.
The site is now maintained as an historical archive, covering notable e-commerce news articles from the period 1999 to 2012.


Source: DOTmed News

Posted on August 11, 2010

Almost one out of four data security breaches affected health care centers in 2010, according to reports, though the numbers are likely somewhat padded by mandatory breach reporting data added this year. Still, the numbers are leading privacy rights advocates to push for tougher disclosure laws.

As of Tuesday, there were nearly 400 serious data breaches this year in the United States, potentially compromising data from more than 13 million people, according to reports published by the Identity Theft Resource Center. Of those breaches, around 119 affected health care centers, Linda Foley, ITRC's founder, told DOTmed News.

But Foley cautions that this number might be "inflated" because the ITRC added all breaches posted this year to the U.S. Health and Human Services' new website, born out of Health Insurance Portability and Accountability Act reporting requirements. However, some of these breaches, though reported in 2010, actually happened in 2009.

"I will say that that number is an inflated number for the year because we found out about quite a few breaches with the new HHS website and we posted all of those at the end of March and beginning of April," she said. "So this year, that number's going to be skewed."

Nonetheless, hospitals are at genuine risk, and Foley worries that because of what she calls a loophole in HIPAA reporting laws the number of hospitals breached could be even higher.

In general, hospitals have to alert affected individuals immediately but are required to notify the media of a breach only if more than 500 people were affected. Even then, the requirement applies only if the hospital believes the breach really jeopardizes someone's privacy because the data is unencrypted.

"If the company believes there's no risk of harm then they don't have to send out notification for this list," Foley said. "And they self-determine that."

Of the alarming number of reported cases, many result from stolen laptops. In April, nearly 5,450 John Muir Health patients in California were notified that two laptops containing personal information had been stolen in February. A Bowling Green, Ky., medical center notified 5,400 patients in May about a laptop stolen from a mammography suite; it contained information on patients who underwent bone density testing between 1997 and 2009. And a Cincinnati children's hospital notified 61,027 patients in late May about a stolen laptop containing information on patients from multiple states and several foreign countries.

Hospitals sometimes refrain from reporting, Foley argued. And in some cases, hospitals will try to cover up security breaches to avoid bad publicity, said Paul Stephens, director of policy and advocacy for Privacy Rights Clearinghouse. 

"We have seen breaches that we know about, that aren't on that list," Foley said, "because they're saying there's no risk of harm, because back-up file disks are missing, and probably somewhere hidden behind a table or desk. But they don't know that," she said. 


E-Commerce Alerts are issued by Bennett Gold LLP, Chartered Professional Accountants as situations develop. Bookmark this site and check back often. Our e-mail address is: info@BennettGold.ca

In accordance with United States Code, Title 17, Section 107 and Article 10 of The Berne Convention on Literary and Artistic Works, the news clippings on this web site are made available without profit for research and educational purposes.
