Thursday, February 18, 2016

Still Not Striving Enough For That Culture Of Compliance

Mishandling of PHI Still Excessive
Covered Entities are still not always committing seriously enough to ensuring the safety of PHI and to the crucial development of a culture of compliance among staff members. The following data breach stories have been reported in Becker's Hospital Review in just the past three weeks.

1. During a Thanksgiving Day trip to a public recycling center, a man stumbled upon hundreds of medical records belonging to patients of Springfield, Ohio-based Community Mercy Health Partners.

2. Naples, Fla.-based NCH Healthcare reported a data breach compromising employee information stemming from two servers in the Cerner Data Center in Kansas City, Mo.

3. A mailing error resulted in 700 patients of Borgess Rheumatology in Kalamazoo, Mich., being sent information that did not belong to them, the clinic reported.

4. Two overly curious Miami-based Jackson Health System employees were fired for accessing NFL player Jason Pierre-Paul's medical record after he received treatment there for a finger injury.

5. In a separate instance, another 'rogue' Jackson Health System employee is suspected of stealing the confidential information of more than 24,000 health system patients over the past five years, including sensitive information like Social Security numbers and addresses.

6. Seim Johnson, a hospital auditing company, reported that a laptop containing information from nearly 31,000 patients was stolen. One hospital affected by the breach, McCook, Neb.-based Community Hospital, notified 4,200 of its patients that they may be affected. It is still unclear who the remaining approximately 26,800 patients are and where they may have received care.

7. Hackers accessed and dumped the personal information of more than 9,000 Department of Homeland Security employees on Monday. The hackers reportedly entered through a Department of Justice email account and hope to send a message to the U.S. government to cut its ties with Israel and rally support for Palestine.

8. Apple Health, Washington state's Medicaid program, reported that two employees of different state agencies exchanged the personal health information of more than 91,000 individuals in a manner not compliant with HIPAA.

9. Portland Health & Science University reported a hard drive stolen from a student's car that contained information from a number of infants who were enrolled to participate in a research study in the hospital's neonatal intensive care unit in 2013.

10. Centene, a St. Louis-based payer that in January reported hard drives containing information from nearly 1 million individuals missing, has found the missing data. The drives had been placed in a secure receptacle to be destroyed.

11. The federal government announced it will not pursue action against University of Rochester (N.Y.) Medical Center over a 2015 data breach in which a nurse shared a list of patient names without permission. URMC did, however, fork over $15,000 in December for a HIPAA settlement.

12. The Atlanta VA Medical Center accidentally gave a veteran who requested a copy of his medical record an incomplete version of that record, along with the records of 10 other people the man had never met.

...and last but not least... Hollywood Presbyterian Medical Center paid a $17,000 ransom in bitcoin to a hacker who seized control of the hospital's computer systems and would give back access only when the money was paid, the hospital's chief executive said Wednesday. The assault on Hollywood Presbyterian occurred Feb. 5, 2016, when hackers using malware infected the institution's computers, preventing hospital staff from being able to communicate from those devices, said Chief Executive Allen Stefanek.

