<?xml version="1.0" encoding="iso-8859-1"?>
<!-- generator="FeedCreator 1.7.2" -->
<rss version="2.0">
    <channel>
        <title>MedWorm Tags: data breach</title>
        <description>MedWorm provides a medical RSS filtering service. Over 6000 RSS medical sources are combined and output via different filters. This feed contains the latest medical blog items that have been tagged with 'data breach'.</description>
        <link><![CDATA[http://www.medworm.com/rss/search.php?qu=%22data+breach%22&t=%22data+breach%22&r=Exact&o=d&f=tag]]></link>
        <lastBuildDate>Sat, 03 Sep 2011 02:49:58 +0100</lastBuildDate>
        <item>
            <title>OCR Seeks FY2012 Budget Increase of $5.6M for HIPAA Compliance and Enforcement</title>
            <link>http://www.medworm.com/index.php?rid=4605916&amp;cid=t_131786_114_f&amp;fid=34646&amp;url=http%3A%2F%2Fwww.hhs.gov%2Fabout%2FFY2012budget%2Focr_cj_fy2012.pdf</link>
            <description>HealthLeaders reports that the Office of Civil Rights (OCR) is seeking an additional $5.6 million in its Fiscal Year 2012 budget proposal to fund its HIPAA compliance and enforcement activities. The article also details the most current reported numbers on breaches reported to OCR. As of March 16 there have been 249 entities that have reported breaches affecting 500 or more individuals. To view the current data and details on reported breaches go to the OCR Breaches Affecting 500 or More Individuals. (Source: Health Care Law Blog)</description>
            <author>Health Care Law Blog</author>
            <type>blogs</type>
        <comments>http://www.medworm.com/rss/comments.php?id=4605916</comments>
            <pubDate>Thu, 17 Mar 2011 15:35:29 +0100</pubDate>
            <guid isPermaLink="false">4605916</guid>        </item>
        <item>
            <title>Data Breach</title>
            <link>http://www.medworm.com/index.php?rid=3524059&amp;cid=t_131786_85_f&amp;fid=39183&amp;url=http%3A%2F%2Fdrbobbs.wordpress.com%2F2009%2F10%2F10%2Fdata-breach%2F</link>
            <description>BlueCross BlueShield data breach affects 850,000 doctors: Physicians’ names, addresses, federal tax ID numbers and national provider numbers were contained in an unencrypted file on the laptop. The data breach presents the possibility of massive medical insurance fraud, but the 187,000 doctors who used their Social Security numbers as tax ID numbers or provider numbers [...] (Source: Dr. Bobbs)</description>
            <author>Dr. Bobbs</author>
            <type>blogs</type>
        <comments>http://www.medworm.com/rss/comments.php?id=3524059</comments>
            <pubDate>Sun, 11 Oct 2009 04:26:21 +0100</pubDate>
            <guid isPermaLink="false">3524059</guid>        </item>
        <item>
            <title>Congressional Members Concerned About HHS Inclusion of &quot;Harm Standard&quot; In Breach Notification Rule</title>
            <link>http://www.medworm.com/index.php?rid=2865778&amp;cid=t_131786_114_f&amp;fid=34646&amp;url=http%3A%2F%2Fweb.me.com%2Fasgoldberg1%2Ffilechute%2Fharmstandarddatabreachletter.pdf</link>
            <description>Members of the U.S. House of Representatives submitted an October 1, 2009 letter of concern to Secretary Sebelius and the Department of Health and Human Services (HHS) concerning inclusion of a &quot;harm standard&quot; in the recently released (August 24, 2009) Interim Final Rule - Breach Notification for Unsecured Protected Health Information (45 CFR Part 160 and 164) 74 Fed. Reg. 42740. HHS in developing the Interim Final Rule interpreted the term &quot;compromises&quot; as meaning that a threshold substantial harm standard should be included when determining whether a breach of data has occurred. However, the Members indicate in their letter that they considered whether a &quot;harm standard&quot; should be a part of the legislation and decided not to include such a standard. The letter urges HHS to revise and repeal ...</description>
            <author>Health Care Law Blog</author>
            <type>blogs</type>
        <comments>http://www.medworm.com/rss/comments.php?id=2865778</comments>
            <pubDate>Mon, 05 Oct 2009 22:28:41 +0100</pubDate>
            <guid isPermaLink="false">2865778</guid>        </item>
        <item>
            <title>ARRA - HITECH: Health Care Information Breach Notification Regulations Now In Effect</title>
            <link>http://www.medworm.com/index.php?rid=2862609&amp;cid=t_131786_114_f&amp;fid=34646&amp;url=http%3A%2F%2Fedocket.access.gpo.gov%2F2009%2Fpdf%2FE9-20169.pdf</link>
            <description>Have you had a health data security breach? Do you know what a health data breach is? Are you required to notify individuals impacted by the breach? Do you have to notify federal agencies of such breach? Read on for more information regarding the Office for Civil Rights (OCR) and Federal Trade Commission (FTC) regulations requiring health care providers and other health data business vendors to assess and in some cases notify and report health information data breaches under the new federal law created by ARRA-HITECH. The new regulations went into effect on September 23, 2009 and September 24, 2009, respectively, with a full compliance date of February 22, 2010. Health care providers covered under HIPAA and third party users of health information, including personal health record (PHR) compan...</description>
            <author>Health Care Law Blog</author>
            <type>blogs</type>
        <comments>http://www.medworm.com/rss/comments.php?id=2862609</comments>
            <pubDate>Mon, 05 Oct 2009 13:55:03 +0100</pubDate>
            <guid isPermaLink="false">2862609</guid>        </item>
        <item>
            <title>Virginia Department of Health Professions Issues Statement on Potential Breach of Security for Prescription Monitoring Program</title>
            <link>http://www.medworm.com/index.php?rid=2405636&amp;cid=t_131786_114_f&amp;fid=34646&amp;url=http%3A%2F%2Ffeedproxy.google.com%2F%7Er%2FHealthCareBlogLaw%2F%7E3%2FS6xQbqNr1w4%2Fvirginia-department-of-health_07.html</link>
            <description>Virginia Department of Health Professions has issued a News Release regarding the potential breach of security for the Prescription Monitoring Program. The statement also indicates that there is an ongoing criminal investigation into the breach which occurred on April 30.

Also, the Virginia Department of Health Professions has issued a related Questions and Answers document.

I have been following the story the last couple of days and provide some analysis of the potential breach in this previous blog post.

UPDATE (5/13/09): iHealthBeat provides a good news update on the status of the data breach and investigation. The article references articles from the Richmond Times-Dispatch, &quot;Inquiry continues into hacking of state computers,&quot; and &quot;FBI expects Va. Hacker probe to take two more...</description>
            <author>Health Care Law Blog</author>
            <type>blogs</type>
        <comments>http://www.medworm.com/rss/comments.php?id=2405636</comments>
            <pubDate>Wed, 13 May 2009 21:51:53 +0100</pubDate>
            <guid isPermaLink="false">2405636</guid>        </item>
        <item>
            <title>Virginia Department of Health Professions Breach: Extortion Demand Regarding 8M Patient Records and 35M Prescriptions</title>
            <link>http://www.medworm.com/index.php?rid=2390057&amp;cid=t_131786_114_f&amp;fid=34646&amp;url=http%3A%2F%2Ffeedproxy.google.com%2F%7Er%2FHealthCareBlogLaw%2F%7E3%2FKmBzZ5HRTLs%2Fvirginia-department-of-health.html</link>
            <description>Information Week is covering a story involving an extortion letter sent last week to the Virginia Department of Health Professions seeking $10M to return more than 8M patient records and 35M prescriptions allegedly stolen from the Virginia Department of Health Professions. The extortion demand was posted on WikiLeaks. The WikiLeaks website states: May 3, 2009. Summary: On Thursday, April 30, the secure site for the Virginia Prescription Monitoring Program (PMP) was replaced with a $US10M ransom demand: &quot;I have your shit! In *my* possession, right now, are 8,257,378 patient records and a total of 35,548,087 prescriptions. Also, I made an encrypted backup and deleted the original. Unfortunately for Virginia, their backups seem to have gone missing, too. Uhoh :( For $10 million, I will gladly send a...</description>
            <author>Health Care Law Blog</author>
            <type>blogs</type>
        <comments>http://www.medworm.com/rss/comments.php?id=2390057</comments>
            <pubDate>Wed, 06 May 2009 21:05:30 +0100</pubDate>
            <guid isPermaLink="false">2390057</guid>        </item>
        <item>
            <title>HITECH Act Breach Notification Guidance: What Renders PHI Unusable, Unreadable or Indecipherable For Purposes of Breach Notification?</title>
            <link>http://www.medworm.com/index.php?rid=2376392&amp;cid=t_131786_114_f&amp;fid=34646&amp;url=http%3A%2F%2Fedocket.access.gpo.gov%2F2009%2Fpdf%2FE9-9512.pdf</link>
            <description>On April 17, 2009, the U.S. Department of Health &amp; Human Services (HHS) issued guidance on the technology requirements to render protected health information (PHI) &quot;unusable, unreadable or indecipherable to unauthorized individuals,&quot; as required by the Health Information Technology for Economic and Clinical Health Act (HITECH) which is a part of the American Recovery and Reinvestment Act of 2009 (ARRA).

The April 27, 2009 Federal Register (74 FR 19006), ...</description>
            <author>Health Care Law Blog</author>
            <type>blogs</type>
        <comments>http://www.medworm.com/rss/comments.php?id=2376392</comments>
            <pubDate>Mon, 27 Apr 2009 13:48:47 +0100</pubDate>
            <guid isPermaLink="false">2376392</guid>        </item>
        <item>
            <title>FTC Proposed Health Breach Notification Rule for PHRs and Electronic Health Information</title>
            <link>http://www.medworm.com/index.php?rid=2348921&amp;cid=t_131786_114_f&amp;fid=34646&amp;url=http%3A%2F%2Fwww.ftc.gov%2Fos%2F2009%2F04%2FR911002healthbreach.pdf</link>
            <description>This study and report must be completed by February 2010. In the interim, the Act requires the Commission to issue a temporary rule requiring these entities to notify consumers if the security of their health information is breached. The proposed rule the Commission is announcing today is the first step in implementing this requirement. In keeping with the Recovery Act, the proposed rule requires vendors of personal health records and related entities to provide notice to consumers following a breach. The proposed rule also stipulates that if a service provider to one of these entities experiences a breach, it must notify the entity, which in turn must notify consumers of the breach. The proposed rule contains additional requirements governing the standard for what triggers the notice, as w...</description>
            <author>Health Care Law Blog</author>
            <type>blogs</type>
        <comments>http://www.medworm.com/rss/comments.php?id=2348921</comments>
            <pubDate>Fri, 17 Apr 2009 16:01:10 +0100</pubDate>
            <guid isPermaLink="false">2348921</guid>        </item>
        <item>
            <title>Potential Data Breach and Extortion at Express Scripts</title>
            <link>http://www.medworm.com/index.php?rid=1943315&amp;cid=t_131786_114_f&amp;fid=34646&amp;url=http%3A%2F%2Findianapolis.fbi.gov%2Fdojpressrel%2Fpressrel08%2Fextortion100108.pdf</link>
            <description>The WSJ Health Blogs reports about a potential data breach at Express Scripts, one of the largest pharmacy benefit management companies in North America. More from Express Scripts on the Facts, FAQs and Other Resources. The potential data breach came to Express Scripts' attention after having received an anonymous letter attempting to extort money from the company by threatening to expose millions of patient records. The threat letter included personal information on 75 members, including names, dates of birth, social security numbers and prescription information. The article also mentions a similar extortion related data breach which occurred in March 2006 and involved Medical Excess LLC, a subsidiary of AIG. In that case the FBI investigated and arrested an individual who stole a computer ...</description>
            <author>Health Care Law Blog</author>
            <type>blogs</type>
        <comments>http://www.medworm.com/rss/comments.php?id=1943315</comments>
            <pubDate>Fri, 07 Nov 2008 21:06:06 +0100</pubDate>
            <guid isPermaLink="false">1943315</guid>        </item>
        <item>
            <title>Express Scripts Receives Extortion Threat</title>
            <link>http://www.medworm.com/index.php?rid=1939683&amp;cid=t_131786_150_f&amp;fid=35777&amp;url=http%3A%2F%2Ffeeds.feedburner.com%2F%7Er%2FPharmalot%2F%7E3%2F444773321%2F</link>
            <description>The big pharmacy benefits manager says it received a letter in early October from an unknown person or persons trying to extort money by threatening to expose millions of patients’ records. The letter included personal data - including dates of birth, social security numbers, and in some cases, their prescription info - for 75 of its members, who were notified, along with the FBI.
“We have been conducting a thorough investigation since we received this threat and we are taking it very seriously,” George Paz, Express Scripts’ ceo and chairman, in a statement. “We are cooperating with the FBI and are committed to doing what we can to protect our members’ personal information and to track down the person or persons responsible for this criminal act…a ...</description>
            <author>Pharmalot</author>
            <type>blogs</type>
        <comments>http://www.medworm.com/rss/comments.php?id=1939683</comments>
            <pubDate>Fri, 07 Nov 2008 02:46:06 +0100</pubDate>
            <guid isPermaLink="false">1939683</guid>        </item>
        <item>
            <title>Pharmalot… Pharmalittle… Reflections</title>
            <link>http://www.medworm.com/index.php?rid=1865677&amp;cid=t_131786_150_f&amp;fid=35777&amp;url=http%3A%2F%2Ffeeds.feedburner.com%2F%7Er%2FPharmalot%2F%7E3%2F415172137%2F</link>
            <description>In observance of still more ancient traditions, we are signing off a little early this evening. Thank you all for stopping by as often as you did this week and we look forward to interacting with you again in a couple of days. On that note, we would like to remind you to feel free to forward items our way. Meanwhile, we leave you with these…
Bristol-Myers Workers Win Extra ID Protection (Hartford Business)
Euro RSCG Wins Glaxo’s Levitra Ad Account (AdWeek)
Merck &amp; Lilly Open Vaults For TB Research (The Seattle Times)
Conflicting Data On COPD Inhaler (Associated Press) (Source: Pharmalot)</description>
            <author>Pharmalot</author>
            <type>blogs</type>
        <comments>http://www.medworm.com/rss/comments.php?id=1865677</comments>
            <pubDate>Wed, 08 Oct 2008 21:56:20 +0100</pubDate>
            <guid isPermaLink="false">1865677</guid>        </item>
        <item>
            <title>California Proposes New Privacy Breach Protections: Will Other States Follow The Trend?</title>
            <link>http://www.medworm.com/index.php?rid=1782558&amp;cid=t_131786_114_f&amp;fid=34646&amp;url=http%3A%2F%2Fhealthcarebloglaw.blogspot.com%2F2008%2F09%2Fcalifornia-proposes-new-privacy-breach.html</link>
            <description>Last month The LA Times reported on a new law (AB 211 and SB 541) moving through the California Legislature to increase protections around confidential medical and health information and create a new state Office of Health Information Integrity to oversee compliance, investigate breaches and assess fines. The article cites the high profile celebrity snooping cases into the records of Britney Spears, Farrah Fawcett and California First Lady Maria Shriver as recent examples highlighting the need for more protection. Governor Schwarzenegger has a personal interest in signing this bill if it gets through the legislature. The Health Law Prof Blog provides some additional insight and information on the bills. As is often the case California is a leader in new legislative initiatives and I suspect ...</description>
            <author>Health Care Law Blog</author>
            <type>blogs</type>
        <comments>http://www.medworm.com/rss/comments.php?id=1782558</comments>
            <pubDate>Wed, 10 Sep 2008 12:19:00 +0100</pubDate>
            <guid isPermaLink="false">1782558</guid>        </item>
        <item>
            <title>Advocating The Need For A Federal Data Breach Disclosure Law</title>
            <link>http://www.medworm.com/index.php?rid=1158157&amp;cid=t_131786_114_f&amp;fid=34646&amp;url=http%3A%2F%2Fhealthcarebloglaw.blogspot.com%2F2008%2F01%2Fadvocating-need-for-federal-data-breach.html</link>
            <description>Information Week's Security Blog advocates for a federal data breach disclosure law in this post, The Time Is Now (Better Yet, Yesterday) For A Federal Data Breach Disclosure Law. Thanks to the HIPAA Blog for pointing out the article. I agree with Jeff Drummond's conclusion. After having analyzed overlapping and different state disclosure requirements as a part of assisting clients with data breach issues, a federal approach is the direction we should go. (caveat: it should require total preemption - not partial preemption like HIPAA privacy). A federal approach would help set a national industry standard that can be clearly understood, implemented and followed by those who regularly deal in data, health care or otherwise. The state-by-state patchwork of different laws that currently exist create...</description>
            <author>Health Care Law Blog</author>
            <type>blogs</type>
        <comments>http://www.medworm.com/rss/comments.php?id=1158157</comments>
            <pubDate>Thu, 17 Jan 2008 15:38:00 +0100</pubDate>
            <guid isPermaLink="false">1158157</guid>        </item>
        <item>
            <title>Data Missing on 200,000 West Virginia PEIA Members</title>
            <link>http://www.medworm.com/index.php?rid=971372&amp;cid=t_131786_114_f&amp;fid=34646&amp;url=http%3A%2F%2Fhealthcarebloglaw.blogspot.com%2F2007%2F10%2Fdata-missing-on-200000-west-virginia.html</link>
            <description>WSAZ News, the State Journal and Charleston Gazette are reporting that data on approximately 200,000 past and current members of West Virginia Public Employees Insurance Agency (PEIA) is missing. According to the articles, the data was contained on a computer tape being mailed to a data analyst in Pennsylvania and was reported missing on October 18. The data tape included names and maiden names, addresses, social security numbers, telephone numbers, and marital status of program participants and their covered dependents. The article indicates that the data tape did not contain medical or prescription claims information. According to the article, letters will be mailed to impacted members and a hotline will be set up to answer questions about the lost data. (Source: Health Care Law Blog)</description>
            <author>Health Care Law Blog</author>
            <type>blogs</type>
        <comments>http://www.medworm.com/rss/comments.php?id=971372</comments>
            <pubDate>Tue, 23 Oct 2007 04:44:00 +0100</pubDate>
            <guid isPermaLink="false">971372</guid>        </item>
        <item>
            <title>Another Security Breach Hits Pfizer Employees</title>
            <link>http://www.medworm.com/index.php?rid=928092&amp;cid=t_131786_150_f&amp;fid=35777&amp;url=http%3A%2F%2Ffeeds.feedburner.com%2F%7Er%2FPharmalot%2F%7E3%2F165355682%2F</link>
            <description>Already this year, there have been three episodes - look here, here and here. This latest, however, isn’t due to a lapse in the drugmaker’s systems, but can be traced to the company that provides cars to Pfizer employees, such as the sales reps. Last week, Wheels sent letters to about 1,800 Pfizer spouses and domestic partners saying there was a “temporary encryption error in the security system of a web site Wheels Inc was using to collect data.”
As a result, personal info was “briefly transmitted over the Internet in an unsecured manner.” What kind of info? Names, addresses, date of birth and driver’s license numbers. The info was to have been used for background checks in order for spouses or domestic partners of Pfizer employees to be eligible ...</description>
            <author>Pharmalot</author>
            <type>blogs</type>
        <comments>http://www.medworm.com/rss/comments.php?id=928092</comments>
            <pubDate>Thu, 04 Oct 2007 19:27:26 +0100</pubDate>
            <guid isPermaLink="false">928092</guid>        </item>
        <item>
            <title>Former Pfizer Worker Faces Charges Over Data Breach That Affected 34,000 People</title>
            <link>http://www.medworm.com/index.php?rid=903797&amp;cid=t_131786_150_f&amp;fid=35777&amp;url=http%3A%2F%2Ffeeds.feedburner.com%2F%7Er%2FPharmalot%2F%7E3%2F161064834%2F</link>
            <description>The drugmaker has contacted federal authorities in hopes they will prosecute a former employee responsible for a data breach that affected 34,000 people, according to info released by the Connecticut attorney general, The Day reports. This was one of three episodes involving Pfizer data breaches this year; the first one affected 17,000 former and current employees.
Pfizer attorney Bernard Nash, in a five-page response to questions posed earlier this month by state Attorney General Richard Blumenthal, said the drugmaker contacted “a management-level federal prosecutor” and now hopes the former employee will be prosecuted “to the fullest extent of the law.” In his Sept. 12 letter, Nash writes that Pfizer learned of the data breach after the suspect had left the drugmaker. The suspect...</description>
            <author>Pharmalot</author>
            <type>blogs</type>
        <comments>http://www.medworm.com/rss/comments.php?id=903797</comments>
            <pubDate>Tue, 25 Sep 2007 12:57:12 +0100</pubDate>
            <guid isPermaLink="false">903797</guid>        </item>
        <item>
            <title>Pfizer Data Breaches Infuriate Employees</title>
            <link>http://www.medworm.com/index.php?rid=853882&amp;cid=t_131786_150_f&amp;fid=35777&amp;url=http%3A%2F%2Ffeeds.feedburner.com%2F%7Er%2FPharmalot%2F%7E3%2F154201741%2F</link>
            <description>The comments on the drugmaker’s Intranet system, known as Pfizer World, are largely filled with venom over the handling of the string of security breaches, which compromised personal data for tens of thousands of current and former Pfizer employees so far this year. The episodes prompted attention for law enforcement and a putative class-action lawsuit. Here is breach one, two and three. The Day, a newspaper that circulates near Pfizer’s Groton, Ct., R&amp;D facility, ran a few employee remarks…
• “Let’s see…401K match in an underperforming stock and the ability to have your personal information leaked to the world. This is a premier employer?” asks a posting from New Jersey.
• “This is pathetic,” writes an employee from Pfizer Global Research &amp;#0...</description>
            <author>Pharmalot</author>
            <type>blogs</type>
        <comments>http://www.medworm.com/rss/comments.php?id=853882</comments>
            <pubDate>Sun, 09 Sep 2007 13:51:55 +0100</pubDate>
            <guid isPermaLink="false">853882</guid>        </item>
        <item>
            <title>Pfizer Took Six Weeks To Admit Data Breach</title>
            <link>http://www.medworm.com/index.php?rid=734675&amp;cid=t_131786_150_f&amp;fid=35777&amp;url=http%3A%2F%2Ffeeds.feedburner.com%2F%7Er%2FPharmalot%2F%7E3%2F133661764%2F</link>
            <description>It took the drugmaker only a month and a half to notify its 17,000 current and former employees of the now-famous data breach this past spring, according to an eight-page letter from the company that state Attorney General Richard Blumenthal released today. You can read the letter here.
An attorney for Pfizer, Bernard Nash, writes in the July 11 letter that the drugmaker learned about the data breach April 18 when an independent consultant told the company about finding sensitive data on a peer-to-peer network, but Pfizer didn’t start notifying anyone until June 1, and the mailing to employees wasn’t completed until June 6.
There was no explanation as to why Pfizer waited six weeks, however. An internal investigation found the breach occurred on March 26, when the spouse of a Pfizer em...</description>
            <author>Pharmalot</author>
            <type>blogs</type>
        <comments>http://www.medworm.com/rss/comments.php?id=734675</comments>
            <pubDate>Sat, 14 Jul 2007 13:55:18 +0100</pubDate>
            <guid isPermaLink="false">734675</guid>        </item>
    </channel>
</rss>

