<?xml version="1.0" encoding="iso-8859-1"?>
<!-- generator="FeedCreator 1.7.2" -->
<rss version="2.0">
    <channel>
        <title>MedWorm Tags: breach</title>
        <description>MedWorm provides a medical RSS filtering service. Over 6000 RSS medical sources are combined and output via different filters. This feed contains the latest medical blog items that have been tagged with 'breach'.</description>
        <link><![CDATA[http://www.medworm.com/rss/search.php?qu=%22breach%22&t=%22breach%22&r=Exact&o=d&f=tag]]></link>
        <lastBuildDate>Sat, 03 Sep 2011 02:24:00 +0100</lastBuildDate>
        <item>
            <title>University of California Settles Potential HIPAA Privacy and Security Violations with OCR for $865,500</title>
            <link>http://www.medworm.com/index.php?rid=5008412&amp;cid=t_182172_114_f&amp;fid=34646&amp;url=http%3A%2F%2Fwww.hhs.gov%2Focr%2Fprivacy%2Fhipaa%2Fenforcement%2Fexamples%2FUCLAHSracap.pdf</link>
            <description>The U.S. Department of Health and Human Services, Office for Civil Rights (OCR) announced that the University of California at Los Angeles Health System which includes UCLA Ronald Reagan Medical Center, UCLA Santa Monica Medical Center, and Orthopedic Hospital, Resnick Neuropsychiatric Hospital, and the Faculty Practice Group of UCLA (UCLAHS) has agreed to settle potential violations under the HIPAA Privacy and Security Rules for $865,500. Read the OCR press release.

The settlement highlights that hospitals, physicians, and other covered entities must understand the importance of monitoring the level of access workforce members have to medical and health information. Covered entities must have policies and procedures in place and educate workforce members about only accessing records for ...</description>
            <author>Health Care Law Blog</author>
            <type>blogs</type>
        <comments>http://www.medworm.com/rss/comments.php?id=5008412</comments>
            <pubDate>Fri, 08 Jul 2011 15:16:22 +0100</pubDate>
            <guid isPermaLink="false">5008412</guid>        </item>
        <item>
            <title>OCR Seeks FY2012 Budget Increase of $5.6M for HIPAA Compliance and Enforcement</title>
            <link>http://www.medworm.com/index.php?rid=4605916&amp;cid=t_182172_114_f&amp;fid=34646&amp;url=http%3A%2F%2Fwww.hhs.gov%2Fabout%2FFY2012budget%2Focr_cj_fy2012.pdf</link>
            <description>HealthLeaders reports that the Office of Civil Rights (OCR) is seeking an additional $5.6 million in its Fiscal Year 2012 budget proposal to fund its HIPAA compliance and enforcement activities. The article also details the most current reported numbers on breaches reported to OCR. As of March 16 there have been 249 entities that have reported breaches affecting 500 or more individuals. To view the current data and details on reported breaches go to the OCR Breaches Affecting 500 or More Individuals. (Source: Health Care Law Blog)</description>
            <author>Health Care Law Blog</author>
            <type>blogs</type>
        <comments>http://www.medworm.com/rss/comments.php?id=4605916</comments>
            <pubDate>Thu, 17 Mar 2011 15:35:29 +0100</pubDate>
            <guid isPermaLink="false">4605916</guid>        </item>
        <item>
            <title>Hospital Breach by Job Applicant</title>
            <link>http://www.medworm.com/index.php?rid=4133905&amp;cid=t_182172_113_f&amp;fid=34634&amp;url=http%3A%2F%2Fwww.emrandhipaa.com%2Femr-and-hipaa%2F2010%2F10%2F27%2Fhospital-breach-by-job-applicant%2F</link>
            <description>During a bond hearing Thursday in Superior Court, Wheeler’s Macon attorney Reza Sedghi described his client’s actions as a job application gone awry with “no criminal intent or compromise of sensitive patient information.” Sedghi said Wheeler had obtained access to the database with a password and access codes obtained while working on a Macon physician’s connectivity problems with the hospital.
The attorney said Wheeler uncovered seven flaws in the hospital’s system and sought to use the discovery to land a job with the countywide medical complex, spending several hours with Rhodes and David Griffin, the hospital’s security chief.
“They asked for and received a copy of his resume and a written report of his findings,” Sedghi reported in court. “Then they walked out of ...</description>
            <author>EMR and HIPAA</author>
            <type>blogs</type>
        <comments>http://www.medworm.com/rss/comments.php?id=4133905</comments>
            <pubDate>Wed, 27 Oct 2010 16:59:53 +0100</pubDate>
            <guid isPermaLink="false">4133905</guid>        </item>
        <item>
            <title>Fraser-Kirk and Adjustment Disorders</title>
            <link>http://www.medworm.com/index.php?rid=4013258&amp;cid=t_182172_109_f&amp;fid=34750&amp;url=http%3A%2F%2Fpsychcentral.com%2Fblog%2Farchives%2F2010%2F09%2F29%2Ffraser-kirk-and-adjustment-disorders%2F</link>
            <description>In Australia, David Jones’ publicist Kristy Fraser-Kirk is suing the company she works for and its former CEO Mark McInnes for sexual harassment. David Jones is sort of like Macy’s, except it’s based in Australia.
According to news reports, Ms. Fraser-Kirk, 27, is suing David Jones, Mark McInnes and nine directors of the company. She is seeking compensation for a number of different claims, including breach of contract, as well as punitive damages of $37 million. Not exactly chump change. But then again, maybe that’s what it takes to send a clear message about how sexual harassment will not be tolerated in the modern workplace.
But due to the publicity surrounding the case in Australia, she’s now making a new novel claim — that the publicity has led to a...</description>
            <author>World of Psychology</author>
            <type>blogs</type>
        <comments>http://www.medworm.com/rss/comments.php?id=4013258</comments>
            <pubDate>Wed, 29 Sep 2010 10:20:49 +0100</pubDate>
            <guid isPermaLink="false">4013258</guid>        </item>
        <item>
            <title>Healthcare Data Breaches</title>
            <link>http://www.medworm.com/index.php?rid=3999074&amp;cid=t_182172_113_f&amp;fid=34634&amp;url=http%3A%2F%2Ffeedproxy.google.com%2F%7Er%2FEmrAndHipaa%2F%7E3%2Fkv2gKUn5zI4%2F</link>
            <description>I was recently sent an Information Week article on the “Steady Bleed: State of HealthCare Data Breaches.” The article basically tries to list out all of the data breaches that are happening in healthcare and how healthcare companies aren’t doing what they need to do to protect patient data.
Now, I’ll be the first to acknowledge that more can always be done. I even agree that more can and needs to be done to protect patient information. However, I don’t agree with the article’s assertion that the use of an electronic health record (EHR) is the reason why health care providers are so poorly securing patient information.
Many of you might remember my post on EMR and EHR about HIPAA Breaches related to EMR. In that post, I discuss how it’s unfair for s...</description>
            <author>EMR and HIPAA</author>
            <type>blogs</type>
        <comments>http://www.medworm.com/rss/comments.php?id=3999074</comments>
            <pubDate>Thu, 23 Sep 2010 17:19:53 +0100</pubDate>
            <guid isPermaLink="false">3999074</guid>        </item>
        <item>
            <title>Night Shifts, Hard Work and Sickness</title>
            <link>http://www.medworm.com/index.php?rid=2963090&amp;cid=t_182172_88_f&amp;fid=35612&amp;url=http%3A%2F%2Ftheknifeman.blogspot.com%2F2009%2F11%2Fnight-shifts-hard-work-and-sickness.html</link>
            <description>Another set of nights, another Doc off sick. Trying to compare 'now' with 'then' is often fruitless... memory is, by its very nature, unreliable; we both forget things, and remember things falsely. Rose tinted spectacles. That having said... I'm sure short notice sickness is more prevalent now than it was when I was younger. And I definitely wouldn't have remembered it wrong. Maybe it's just me. When I was on the house, being off sick meant someone else having to cover your work, or, perhaps more to the point, you having to cover someone else's work when they were off sick. So, in general, we weren't enormously sympathetic to anything we perceived as someone pulling a sickie. There was a culture of 'working through it'. Is it a good thing that's gone? I'm sure it is. No-one should have to feel...</description>
            <author>The KnifeMan</author>
            <type>blogs</type>
        <comments>http://www.medworm.com/rss/comments.php?id=2963090</comments>
            <pubDate>Mon, 02 Nov 2009 15:46:00 +0100</pubDate>
            <guid isPermaLink="false">2963090</guid>        </item>
        <item>
            <title>Data Breach</title>
            <link>http://www.medworm.com/index.php?rid=3524059&amp;cid=t_182172_85_f&amp;fid=39183&amp;url=http%3A%2F%2Fdrbobbs.wordpress.com%2F2009%2F10%2F10%2Fdata-breach%2F</link>
            <description>BlueCross BlueShield data breach affects 850,000 doctors: Physicians’ names, addresses, federal tax ID numbers and national provider numbers were contained in an unencrypted file on the laptop. The data breach presents the possibility of massive medical insurance fraud, but the 187,000 doctors who used their Social Security numbers as tax ID numbers or provider numbers [...] (Source: Dr. Bobbs)</description>
            <author>Dr. Bobbs</author>
            <type>blogs</type>
        <comments>http://www.medworm.com/rss/comments.php?id=3524059</comments>
            <pubDate>Sun, 11 Oct 2009 04:26:21 +0100</pubDate>
            <guid isPermaLink="false">3524059</guid>        </item>
        <item>
            <title>Congressional Members Concerned About HHS Inclusion of &quot;Harm Standard&quot; In Breach Notification Rule</title>
            <link>http://www.medworm.com/index.php?rid=2865778&amp;cid=t_182172_114_f&amp;fid=34646&amp;url=http%3A%2F%2Fweb.me.com%2Fasgoldberg1%2Ffilechute%2Fharmstandarddatabreachletter.pdf</link>
            <description>Members of the U.S. House of Representatives submitted an October 1, 2009 letter of concern to Secretary Sebelius and the Department of Health and Human Services (HHS) concerning inclusion of a &quot;harm standard&quot; in the recently released (August 24, 2009) Interim Final Rule - Breach Notification for Unsecured Protected Health Information (45 CFR Part 160 and 164) 74 Fed. Reg. 42740. HHS in developing the Interim Final Rule interpreted the term &quot;compromises&quot; as meaning that a threshold substantial harm standard should be included when determining whether a breach of data has occurred. However, the Members indicate in their letter that they considered whether a &quot;harm standard&quot; should be a part of the legislation and decided not to include such a standard. The letter urges HHS to revise and repeal ...</description>
            <author>Health Care Law Blog</author>
            <type>blogs</type>
        <comments>http://www.medworm.com/rss/comments.php?id=2865778</comments>
            <pubDate>Mon, 05 Oct 2009 22:28:41 +0100</pubDate>
            <guid isPermaLink="false">2865778</guid>        </item>
        <item>
            <title>ARRA - HITECH: Health Care Information Breach Notification Regulations Now In Effect</title>
            <link>http://www.medworm.com/index.php?rid=2862609&amp;cid=t_182172_114_f&amp;fid=34646&amp;url=http%3A%2F%2Fedocket.access.gpo.gov%2F2009%2Fpdf%2FE9-20169.pdf</link>
            <description>Have you had a health data security breach? Do you know what a health data breach is? Are you required to notify individuals impacted by the breach? Do you have to notify federal agencies of such breach? Read on for more information regarding the Office for Civil Rights (OCR) and Federal Trade Commission (FTC) regulations requiring health care providers and other health data business vendors to assess and in some cases notify and report health information data breaches under the new federal law created by ARRA-HITECH. The new regulations went into effect on September 23, 2009 and September 24, 2009, respectively, with a full compliance date of February 22, 2010. Health care providers covered under HIPAA and third party users of health information, including personal health record (PHR) compan...</description>
            <author>Health Care Law Blog</author>
            <type>blogs</type>
        <comments>http://www.medworm.com/rss/comments.php?id=2862609</comments>
            <pubDate>Mon, 05 Oct 2009 13:55:03 +0100</pubDate>
            <guid isPermaLink="false">2862609</guid>        </item>
        <item>
            <title>HIPAA Breach Notification Final Rule Released By HHS</title>
            <link>http://www.medworm.com/index.php?rid=2724983&amp;cid=t_182172_113_f&amp;fid=34634&amp;url=http%3A%2F%2Ffeedproxy.google.com%2F%7Er%2FEmrAndHipaa%2F%7E3%2FwsjLQrvP82g%2F</link>
            <description>Yes, this website is called EMR and HIPAA, but as you can tell from the content I’m much more interested in EMR than I am in HIPAA. Although there is certainly some correlation.
That said, I think there’s some interesting things happening with HIPAA that people need to be aware of. HHS released the Breach Notification Final Rule. Healthcare POV said the following about the rule:
The Department of Health and Human Services (HHS) has released a final rule on breach notification requirements for covered entities (CEs) and business associates (BAs). Published in the Federal Register, the rule dictates proper procedure for responding to a breach, including when notification is required, who to tell and how to dispense that information. The rule also reiterates and clarifies recommen...</description>
            <author>EMR and HIPAA</author>
            <type>blogs</type>
        <comments>http://www.medworm.com/rss/comments.php?id=2724983</comments>
            <pubDate>Fri, 21 Aug 2009 18:39:50 +0100</pubDate>
            <guid isPermaLink="false">2724983</guid>        </item>
        <item>
            <title>Virginia Department of Health Professions Issues Statement on Potential Breach of Security for Prescription Monitoring Program</title>
            <link>http://www.medworm.com/index.php?rid=2405636&amp;cid=t_182172_114_f&amp;fid=34646&amp;url=http%3A%2F%2Ffeedproxy.google.com%2F%7Er%2FHealthCareBlogLaw%2F%7E3%2FS6xQbqNr1w4%2Fvirginia-department-of-health_07.html</link>
            <description>Virginia Department of Health Professions has issued a News Release regarding the potential breach of security for the Prescription Monitoring Program. The statement also indicates that there is an ongoing criminal investigation into the breach which occurred on April 30.

Also, the Virginia Department of Health Professions has issued a related Questions and Answers document.

I have been following the story the last couple of days and provide some analysis of the potential breach in this previous blog post.

UPDATE (5/13/09): iHealthBeat provides a good news update on the status of the data breach and investigation. The article references articles from the Richmond Times-Dispatch, &quot;Inquiry continues into hacking of state computers,&quot; and &quot;FBI expects Va. Hacker probe to take two more...</description>
            <author>Health Care Law Blog</author>
            <type>blogs</type>
        <comments>http://www.medworm.com/rss/comments.php?id=2405636</comments>
            <pubDate>Wed, 13 May 2009 21:51:53 +0100</pubDate>
            <guid isPermaLink="false">2405636</guid>        </item>
        <item>
            <title>Virginia Department of Health Professions Breach: Extortion Demand Regarding 8M Patient Records and 35M Prescriptions</title>
            <link>http://www.medworm.com/index.php?rid=2390057&amp;cid=t_182172_114_f&amp;fid=34646&amp;url=http%3A%2F%2Ffeedproxy.google.com%2F%7Er%2FHealthCareBlogLaw%2F%7E3%2FKmBzZ5HRTLs%2Fvirginia-department-of-health.html</link>
            <description>Information Week is covering a story involving an extortion letter sent last week to the Virginia Department of Health Professions seeking $10M to return more than 8M patient records and 35M prescriptions allegedly stolen from the Virginia Department of Health Professions. The extortion demand was posted on WikiLeaks. The WikiLeaks website states: May 3, 2009. Summary: On Thursday, April 30, the secure site for the Virginia Prescription Monitoring Program (PMP) was replaced with a $US10M ransom demand: &quot;I have your shit! In *my* possession, right now, are 8,257,378 patient records and a total of 35,548,087 prescriptions. Also, I made an encrypted backup and deleted the original. Unfortunately for Virginia, their backups seem to have gone missing, too. Uhoh :( For $10 million, I will gladly send a...</description>
            <author>Health Care Law Blog</author>
            <type>blogs</type>
        <comments>http://www.medworm.com/rss/comments.php?id=2390057</comments>
            <pubDate>Wed, 06 May 2009 21:05:30 +0100</pubDate>
            <guid isPermaLink="false">2390057</guid>        </item>
        <item>
            <title>8 Million Virginia Patient Records for $10 Million</title>
            <link>http://www.medworm.com/index.php?rid=2390014&amp;cid=t_182172_113_f&amp;fid=34634&amp;url=http%3A%2F%2Ffeedproxy.google.com%2F%7Er%2FEmrAndHipaa%2F%7E3%2FohS0R02MYQ0%2F</link>
            <description>I’m not sure how many of my readers have heard about the Virginia Prescription Monitoring Program being hacked yesterday. The Prescription Monitoring Program is used by pharmacists and others to discover prescription drug abuse. The story gets really interesting since it looks like the hackers encrypted over 8 million patient records and over 35 million prescriptions. Then, the hackers posted the following note on the Virginia Prescription Monitoring Program website (according to wikileaks):
“I have your [expletive] In *my* possession, right now, are 8,257,378 patient records and a total of 35,548,087 prescriptions. Also, I made an encrypted backup and deleted the original. Unfortunately for Virginia, their backups seem to have gone missing, too. Uhoh :( For $10 million, I will ...</description>
            <author>EMR and HIPAA</author>
            <type>blogs</type>
        <comments>http://www.medworm.com/rss/comments.php?id=2390014</comments>
            <pubDate>Tue, 05 May 2009 20:06:26 +0100</pubDate>
            <guid isPermaLink="false">2390014</guid>        </item>
        <item>
            <title>HITECH Act Breach Notification Guidance: What Renders PHI Unusable, Unreadable or Indecipherable For Purposes of Breach Notification?</title>
            <link>http://www.medworm.com/index.php?rid=2376392&amp;cid=t_182172_114_f&amp;fid=34646&amp;url=http%3A%2F%2Fedocket.access.gpo.gov%2F2009%2Fpdf%2FE9-9512.pdf</link>
            <description>On April 17, 2009, the U.S. Department of Health &amp; Human Services (HHS) issued guidance on the technology requirements to render protected health information (PHI) &quot;unusable, unreadable or indecipherable to unauthorized individuals,&quot; as required by the Health Information Technology for Economic and Clinical Health Act (HITECH) which is a part of the American Recovery and Reinvestment Act of 2009 (ARRA).

The April 27, 2009 Federal Register (74 FR 19006), ...</description>
            <author>Health Care Law Blog</author>
            <type>blogs</type>
        <comments>http://www.medworm.com/rss/comments.php?id=2376392</comments>
            <pubDate>Mon, 27 Apr 2009 13:48:47 +0100</pubDate>
            <guid isPermaLink="false">2376392</guid>        </item>
        <item>
            <title>FTC Proposed Health Breach Notification Rule for PHRs and Electronic Health Information</title>
            <link>http://www.medworm.com/index.php?rid=2348921&amp;cid=t_182172_114_f&amp;fid=34646&amp;url=http%3A%2F%2Fwww.ftc.gov%2Fos%2F2009%2F04%2FR911002healthbreach.pdf</link>
            <description>This study and report must be completed by February 2010. In the interim, the Act requires the Commission to issue a temporary rule requiring these entities to notify consumers if the security of their health information is breached. The proposed rule the Commission is announcing today is the first step in implementing this requirement. In keeping with the Recovery Act, the proposed rule requires vendors of personal health records and related entities to provide notice to consumers following a breach. The proposed rule also stipulates that if a service provider to one of these entities experiences a breach, it must notify the entity, which in turn must notify consumers of the breach. The proposed rule contains additional requirements governing the standard for what triggers the notice, as w...</description>
            <author>Health Care Law Blog</author>
            <type>blogs</type>
        <comments>http://www.medworm.com/rss/comments.php?id=2348921</comments>
            <pubDate>Fri, 17 Apr 2009 16:01:10 +0100</pubDate>
            <guid isPermaLink="false">2348921</guid>        </item>
        <item>
            <title>JAMA and DeAngelis Respond But DeAngelis Should Resign</title>
            <link>http://www.medworm.com/index.php?rid=2287231&amp;cid=t_182172_109_f&amp;fid=34750&amp;url=http%3A%2F%2Fpsychcentral.com%2Fblog%2Farchives%2F2009%2F03%2F23%2Fjama-and-deangelis-respond-but-deangelis-should-resign%2F</link>
            <description>In an attempt to whitewash their own actions and responsibility to uphold the highest standards of academic publishing, Catherine D. DeAngelis and Phil B. Fontanarosa — editors of the Journal of the American Medical Association (JAMA) — published an editorial defending their handling of a conflict of interest and blasting the professor who brought it to their attention. In a classic example of shooting the messenger, it’s my opinion that DeAngelis and Fontanarosa absolve themselves of all blame, and suggest that any reports where they called Lincoln Memorial University Assistant Dean of Students and Professor Jonathan Leo Ph.D., “a nothing and a nobody” were “erroneous.” (In other words, the editors of JAMA are apparently suggesting that the Wall...</description>
            <author>World of Psychology</author>
            <type>blogs</type>
        <comments>http://www.medworm.com/rss/comments.php?id=2287231</comments>
            <pubDate>Mon, 23 Mar 2009 13:38:13 +0100</pubDate>
            <guid isPermaLink="false">2287231</guid>        </item>
        <item>
            <title>Potential Data Breach and Extortion at Express Scripts</title>
            <link>http://www.medworm.com/index.php?rid=1943315&amp;cid=t_182172_114_f&amp;fid=34646&amp;url=http%3A%2F%2Findianapolis.fbi.gov%2Fdojpressrel%2Fpressrel08%2Fextortion100108.pdf</link>
            <description>The WSJ Health Blogs reports about a potential data breach at Express Scripts, one of the largest pharmacy benefit management companies in North America. More from Express Scripts on the Facts, FAQs and Other Resources. The potential data breach came to Express Scripts' attention after having received an anonymous letter attempting to extort money from the company by threatening to expose millions of patient records. The threat letter included personal information on 75 members, including names, dates of birth, social security numbers and prescription information. The article also mentions a similar extortion related data breach which occurred in March 2006 and involved Medical Excess LLC, a subsidiary of AIG. In that case the FBI investigated and arrested an individual who stole a computer ...</description>
            <author>Health Care Law Blog</author>
            <type>blogs</type>
        <comments>http://www.medworm.com/rss/comments.php?id=1943315</comments>
            <pubDate>Fri, 07 Nov 2008 21:06:06 +0100</pubDate>
            <guid isPermaLink="false">1943315</guid>        </item>
        <item>
            <title>Express Scripts Receives Extortion Threat</title>
            <link>http://www.medworm.com/index.php?rid=1939683&amp;cid=t_182172_150_f&amp;fid=35777&amp;url=http%3A%2F%2Ffeeds.feedburner.com%2F%7Er%2FPharmalot%2F%7E3%2F444773321%2F</link>
            <description>The big pharmacy benefits manager says it received a letter in early October from an unknown person or persons trying to extort money by threatening to expose millions of patients’ records. The letter included personal data - including dates of birth, social security numbers, and in some cases, their prescription info - for 75 of its members, who were notified, along with the FBI.
“We have been conducting a thorough investigation since we received this threat and we are taking it very seriously,” George Paz, Express Scripts’ ceo and chairman, in a statement. “We are cooperating with the FBI and are committed to doing what we can to protect our members’ personal information and to track down the person or persons responsible for this criminal act…a ...</description>
            <author>Pharmalot</author>
            <type>blogs</type>
        <comments>http://www.medworm.com/rss/comments.php?id=1939683</comments>
            <pubDate>Fri, 07 Nov 2008 02:46:06 +0100</pubDate>
            <guid isPermaLink="false">1939683</guid>        </item>
        <item>
            <title>Pharmalot… Pharmalittle… Reflections</title>
            <link>http://www.medworm.com/index.php?rid=1865677&amp;cid=t_182172_150_f&amp;fid=35777&amp;url=http%3A%2F%2Ffeeds.feedburner.com%2F%7Er%2FPharmalot%2F%7E3%2F415172137%2F</link>
            <description>In observance of still more ancient traditions, we are signing off a little early this evening. Thank you all for stopping by as often as you did this week and we look forward to interacting with you again in a couple of days. On that note, we would like to remind you to feel free to forward items our way. Meanwhile, we leave you with these…
Bristol-Myers Workers Win Extra ID Protection (Hartford Business)
Euro RSCG Wins Glaxo’s Levitra Ad Account (AdWeek)
Merck &amp; Lilly Open Vaults For TB Research (The Seattle Times)
Conflicting Data On COPD Inhaler (Associated Press) (Source: Pharmalot)</description>
            <author>Pharmalot</author>
            <type>blogs</type>
        <comments>http://www.medworm.com/rss/comments.php?id=1865677</comments>
            <pubDate>Wed, 08 Oct 2008 21:56:20 +0100</pubDate>
            <guid isPermaLink="false">1865677</guid>        </item>
        <item>
            <title>California Proposes New Privacy Breach Protections: Will Other States Follow The Trend?</title>
            <link>http://www.medworm.com/index.php?rid=1782558&amp;cid=t_182172_114_f&amp;fid=34646&amp;url=http%3A%2F%2Fhealthcarebloglaw.blogspot.com%2F2008%2F09%2Fcalifornia-proposes-new-privacy-breach.html</link>
            <description>Last month The LA Times reported on a new law (AB 211 and SB 541) moving through the California Legislature to increase protections around confidential medical and health information and create a new state Office of Health Information Integrity to oversee compliance, investigate breaches and assess fines. The article cites the high profile celebrity snooping cases into the records of Britney Spears, Farrah Fawcett and California First Lady Maria Shriver as recent examples highlighting the need for more protection. Governor Schwarzenegger has a personal interest in signing this bill if it gets through the legislature. The Health Law Prof Blog provides some additional insight and information on the bills. As is often the case California is a leader in new legislative initiatives and I suspect ...</description>
            <author>Health Care Law Blog</author>
            <type>blogs</type>
        <comments>http://www.medworm.com/rss/comments.php?id=1782558</comments>
            <pubDate>Wed, 10 Sep 2008 12:19:00 +0100</pubDate>
            <guid isPermaLink="false">1782558</guid>        </item>
        <item>
            <title>Glaxo Admits Breaches At Plant That Exploded</title>
            <link>http://www.medworm.com/index.php?rid=1760170&amp;cid=t_182172_150_f&amp;fid=35777&amp;url=http%3A%2F%2Ffeeds.feedburner.com%2F%7Er%2FPharmalot%2F%7E3%2F381299585%2F</link>
            <description>The admission follows a March 2006 explosion at a plant in Ayrshire, Scotland, which caused two workers to suffer serious burns and others were treated for shock, the BBC reports, noting that one side of the factory was blown off and a fire broke out after the blast. 
The drugmaker admitted to two charges relating to management failures. The plant makes chemicals used in the production of malaria and HIV drugs are treated there. An explosion and fire occurred at the same plant in 1999. The company was fined the equivalent of $40,000 after that incident. (Source: Pharmalot)</description>
            <author>Pharmalot</author>
            <type>blogs</type>
        <comments>http://www.medworm.com/rss/comments.php?id=1760170</comments>
            <pubDate>Tue, 02 Sep 2008 11:53:03 +0100</pubDate>
            <guid isPermaLink="false">1760170</guid>        </item>
        <item>
            <title>Bristol-Myers Security Breach Hits Untold Thousands</title>
            <link>http://www.medworm.com/index.php?rid=1631582&amp;cid=t_182172_150_f&amp;fid=35777&amp;url=http%3A%2F%2Ffeeds.feedburner.com%2F%7Er%2FPharmalot%2F%7E3%2F337150769%2F</link>
            <description>The drugmaker sent letters over the past week saying a data tape containing reams of personal information was stolen several weeks ago, and that an untold number of current and former employees - and their dependents - could be affected, according to sources.
Such episodes are, unfortunately, increasingly common in this largely digitized world. Pfizer, for instance, experienced several instances over the past year in which employee info was compromised due to security breaches. Here’s some background.
Bristol-Myers is offering current and former employees credit monitoring for one year, but for the moment, has declined to comment on the breach. Meanwhile, we are awaiting a copy of the letter sent to current and former employees and, if it arrives, we hope to provide a link. We will a...</description>
            <author>Pharmalot</author>
            <type>blogs</type>
        <comments>http://www.medworm.com/rss/comments.php?id=1631582</comments>
            <pubDate>Wed, 16 Jul 2008 15:09:41 +0100</pubDate>
            <guid isPermaLink="false">1631582</guid>        </item>
        <item>
            <title>What Security? Latest Pfizer Breach Hits 13K People</title>
            <link>http://www.medworm.com/index.php?rid=1437088&amp;cid=t_182172_150_f&amp;fid=35777&amp;url=http%3A%2F%2Ffeeds.feedburner.com%2F%7Er%2FPharmalot%2F%7E3%2F288964691%2F</link>
            <description>There have been so many security breaches involving the drugmaker over the past year that we are losing track. The latest involved an unencrypted USB flash drive that was recently stolen from a Pfizer employee’s car, along with an encrypted laptop and some personal items. The unencrypted flash drive contained info regarding approximately 13,000 Pfizer pfolks. 
Unlike the previous breaches, Pfizer has this time decided, “after careful consideration,” that the latest incident doesn’t warrant free credit monitoring, based on the type of info exposed, and not exposed, according to a statement sent to us by Pfizer. Social security numbers, for instance, weren’t stored on the drive.
Pfizer is now encrypting laptops and desktops worldwide and anticipate that project ...</description>
            <author>Pharmalot</author>
            <type>blogs</type>
        <comments>http://www.medworm.com/rss/comments.php?id=1437088</comments>
            <pubDate>Mon, 12 May 2008 22:26:16 +0100</pubDate>
            <guid isPermaLink="false">1437088</guid>        </item>
        <item>
            <title>Centocor: Security Breach Over Stolen Computers</title>
            <link>http://www.medworm.com/index.php?rid=1186084&amp;cid=t_182172_150_f&amp;fid=35777&amp;url=http%3A%2F%2Ffeeds.feedburner.com%2F%7Er%2FPharmalot%2F%7E3%2F225372838%2F</link>
            <description>According to a Jan. 3 letter the Johnson &amp; Johnson unit wrote to the New Hampshire attorney general, an undetermined number of computers have gone missing and may be stolen from its Horsham, Pa., headquarters. And one or two contained sensitive personal info belonging to an unspecified number of speakers and consultants who were retained for a ‘National Faculty and Rounds on the Road’ program. (Here’s the letter).
Centocor says it was notified of the problem by its IT vendor in early October, 2007, and was provided additional details on Nov. 29th, 2007, although the drugmaker didn’t notify the New Hampshire AG until this month. The letter was written by Michael Schoeck, director of health care compliance at Johnson &amp; Johnson, who also identifies himself as...</description>
            <author>Pharmalot</author>
            <type>blogs</type>
        <comments>http://www.medworm.com/rss/comments.php?id=1186084</comments>
            <pubDate>Tue, 29 Jan 2008 17:56:32 +0100</pubDate>
            <guid isPermaLink="false">1186084</guid>        </item>
        <item>
            <title>Advocating The Need For A Federal Data Breach Disclosure Law</title>
            <link>http://www.medworm.com/index.php?rid=1158157&amp;cid=t_182172_114_f&amp;fid=34646&amp;url=http%3A%2F%2Fhealthcarebloglaw.blogspot.com%2F2008%2F01%2Fadvocating-need-for-federal-data-breach.html</link>
            <description>Information Week's Security Blog advocates for a federal data breach disclosure law in this post, The Time Is Now (Better Yet, Yesterday) For A Federal Data Breach Disclosure Law. Thanks to the HIPAA Blog for pointing out the article. I agree with Jeff Drummond's conclusion. After having analyzed overlapping and different state disclosure requirements as a part of assisting clients with data breach issues, a federal approach is the direction we should go. (caveat: it should require total preemption - not partial preemption like HIPAA privacy). A federal approach would help set a national industry standard that can be clearly understood, implemented and followed by those who regularly deal in data, health care or otherwise. The state-by-state patchwork of different laws that currently exist create...</description>
            <author>Health Care Law Blog</author>
            <type>blogs</type>
        <comments>http://www.medworm.com/rss/comments.php?id=1158157</comments>
            <pubDate>Thu, 17 Jan 2008 15:38:00 +0100</pubDate>
            <guid isPermaLink="false">1158157</guid>        </item>
        <item>
            <title>Data Missing on 200,000 West Virginia PEIA Members</title>
            <link>http://www.medworm.com/index.php?rid=971372&amp;cid=t_182172_114_f&amp;fid=34646&amp;url=http%3A%2F%2Fhealthcarebloglaw.blogspot.com%2F2007%2F10%2Fdata-missing-on-200000-west-virginia.html</link>
            <description>WSAZ News, the State Journal and Charleston Gazette are reporting that data on approximately 200,000 past and current members of West Virginia Public Employees Insurance Agency (PEIA) is missing. According to the articles, the data was contained on a computer tape being mailed to a data analyst in Pennsylvania and was reported missing on October 18. The data tape included names and maiden names, addresses, social security numbers, telephone numbers, and marital status of program participants and their covered dependents. The article indicates that the data tape did not contain medical or prescription claims information. According to the article, letters will be mailed to impacted members and a hotline will be set up to answer questions about the lost data. (Source: Health Care Law Blog)</description>
            <author>Health Care Law Blog</author>
            <type>blogs</type>
        <comments>http://www.medworm.com/rss/comments.php?id=971372</comments>
            <pubDate>Tue, 23 Oct 2007 04:44:00 +0100</pubDate>
            <guid isPermaLink="false">971372</guid>        </item>
        <item>
            <title>Another Security Breach Hits Pfizer Employees</title>
            <link>http://www.medworm.com/index.php?rid=928092&amp;cid=t_182172_150_f&amp;fid=35777&amp;url=http%3A%2F%2Ffeeds.feedburner.com%2F%7Er%2FPharmalot%2F%7E3%2F165355682%2F</link>
            <description>Already this year, there have been three episodes - look here, here and here. This latest, however, isn’t due to a lapse in the drugmaker’s systems, but can be traced to the company that provides cars to Pfizer employees, such as the sales reps. Last week, Wheels sent letters to about 1,800 Pfizer spouses and domestic partners saying there was a “temporary encryption error in the security system of a web site Wheels Inc was using to collect data.”
As a result, personal info was “briefly transmitted over the Internet in an unsecured manner.” What kind of info? Names, addresses, date of birth and driver’s license numbers. The info was to have been used for background checks in order for spouses or domestic partners of Pfizer employees to be eligible ...</description>
            <author>Pharmalot</author>
            <type>blogs</type>
        <comments>http://www.medworm.com/rss/comments.php?id=928092</comments>
            <pubDate>Thu, 04 Oct 2007 19:27:26 +0100</pubDate>
            <guid isPermaLink="false">928092</guid>        </item>
        <item>
            <title>Former Pfizer Worker Faces Charges Over Data Breach That Affected 34,000 People</title>
            <link>http://www.medworm.com/index.php?rid=903797&amp;cid=t_182172_150_f&amp;fid=35777&amp;url=http%3A%2F%2Ffeeds.feedburner.com%2F%7Er%2FPharmalot%2F%7E3%2F161064834%2F</link>
            <description>The drugmaker has contacted federal authorities in hopes they will prosecute a former employee responsible for a data breach that affected 34,000 people, according to info released by the Connecticut attorney general, The Day reports. This was one of three episodes involving Pfizer data breaches this year; the first one affected 17,000 former and current employees.
Pfizer attorney Bernard Nash, in a five-page response to questions posed earlier this month by state Attorney General Richard Blumenthal, said the drugmaker contacted “a management-level federal prosecutor” and now hopes the former employee will be prosecuted “to the fullest extent of the law.” In his Sept. 12 letter, Nash writes that Pfizer learned of the data breach after the suspect had left the drugmaker. The suspect...</description>
            <author>Pharmalot</author>
            <type>blogs</type>
        <comments>http://www.medworm.com/rss/comments.php?id=903797</comments>
            <pubDate>Tue, 25 Sep 2007 12:57:12 +0100</pubDate>
            <guid isPermaLink="false">903797</guid>        </item>
        <item>
            <title>Pfizer Data Breaches Infuriate Employees</title>
            <link>http://www.medworm.com/index.php?rid=853882&amp;cid=t_182172_150_f&amp;fid=35777&amp;url=http%3A%2F%2Ffeeds.feedburner.com%2F%7Er%2FPharmalot%2F%7E3%2F154201741%2F</link>
            <description>The comments on the drugmaker’s Intranet system, known as Pfizer World, are largely filled with venom over the handling of the string of security breaches, which compromised personal data for tens of thousands of current and former Pfizer employees so far this year. The episodes prompted attention from law enforcement and a putative class-action lawsuit. Here is breach one, two and three. The Day, a newspaper that circulates near Pfizer’s Groton, Ct., R&amp;D facility, ran a few employee remarks…
• “Let’s see…401K match in an underperforming stock and the ability to have your personal information leaked to the world. This is a premier employer?” asks a posting from New Jersey.
• “This is pathetic,” writes an employee from Pfizer Global Research &amp;#0...</description>
            <author>Pharmalot</author>
            <type>blogs</type>
        <comments>http://www.medworm.com/rss/comments.php?id=853882</comments>
            <pubDate>Sun, 09 Sep 2007 13:51:55 +0100</pubDate>
            <guid isPermaLink="false">853882</guid>        </item>
        <item>
            <title>Latest Pfizer Security Breach Hits 34,000</title>
            <link>http://www.medworm.com/index.php?rid=839135&amp;cid=t_182172_150_f&amp;fid=35777&amp;url=http%3A%2F%2Ffeeds.feedburner.com%2F%7Er%2FPharmalot%2F%7E3%2F152003514%2F</link>
            <description>They say bad things often happen in threes…. The latest snafu reportedly affects an estimated 34,000 current and former Pfizer employees who, of course, are now at risk for identity theft, according to an Aug. 24 letter to employees obtained by The Detroit News. The breach may have caused employee names, Social Security numbers, addresses, dates of birth, phone numbers, bank account numbers, credit card info, signatures and other personal data to be publicly exposed.
The breach occurred late last year when a Pfizer employee removed copies of confidential info from a Pfizer computer system without the drugmaker’s knowledge or approval, the paper reports. Pfizer didn’t become aware of the breach until July 10.
This is the third time since May that Pfizer has acknowledged a ...</description>
            <author>Pharmalot</author>
            <type>blogs</type>
        <comments>http://www.medworm.com/rss/comments.php?id=839135</comments>
            <pubDate>Tue, 04 Sep 2007 11:16:59 +0100</pubDate>
            <guid isPermaLink="false">839135</guid>        </item>
        <item>
            <title>Pfizer Laptops Stolen From Locked Car</title>
            <link>http://www.medworm.com/index.php?rid=797219&amp;cid=t_182172_150_f&amp;fid=35777&amp;url=http%3A%2F%2Ffeeds.feedburner.com%2F%7Er%2FPharmalot%2F%7E3%2F143830787%2F</link>
            <description>The drugmaker is quickly coming to resemble The Gang That Couldn’t Shoot Straight. Two months ago, Pfizer suffered an enormous embarrassment after revealing that personal data, including social security numbers, belonging to 17,000 former and current employees was compromised after unauthorized file sharing software was used by an employee’s spouse on a laptop.
Now, Pfizer is ‘fessing up to another incident. This time, two Pfizer laptops were stolen from a locked car, The Day reports. The laptops, which disappeared May 31 in Boston, included the names, addresses, social security numbers and cell phone numbers of health-care professionals who “were providing or considering providing contract services for Pfizer,” according to a letter sent to Connecticut attorney genera...</description>
            <author>Pharmalot</author>
            <type>blogs</type>
        <comments>http://www.medworm.com/rss/comments.php?id=797219</comments>
            <pubDate>Tue, 14 Aug 2007 00:11:23 +0100</pubDate>
            <guid isPermaLink="false">797219</guid>        </item>
        <item>
            <title>Pfizer Took Six Weeks To Admit Data Breach</title>
            <link>http://www.medworm.com/index.php?rid=734675&amp;cid=t_182172_150_f&amp;fid=35777&amp;url=http%3A%2F%2Ffeeds.feedburner.com%2F%7Er%2FPharmalot%2F%7E3%2F133661764%2F</link>
            <description>It took the drugmaker only a month and a half to notify its 17,000 current and former employees of the now-famous data breach this past spring, according to an eight-page letter from the company that state Attorney General Richard Blumenthal released today. You can read the letter here.
An attorney for Pfizer, Bernard Nash, writes in the July 11 letter that the drugmaker learned about the data breach April 18 when an independent consultant told the company about finding sensitive data on a peer-to-peer network, but Pfizer didn’t start notifying anyone until June 1, and the mailing to employees wasn’t completed until June 6.
There was no explanation as to why Pfizer waited six weeks, however. An internal investigation found the breach occurred on March 26, when the spouse of a Pfizer em...</description>
            <author>Pharmalot</author>
            <type>blogs</type>
        <comments>http://www.medworm.com/rss/comments.php?id=734675</comments>
            <pubDate>Sat, 14 Jul 2007 13:55:18 +0100</pubDate>
            <guid isPermaLink="false">734675</guid>        </item>
    </channel>
</rss>

