01/05/2012
Los Angeles Times columnist Michael Hiltzik describes a recent situation in which executives from Shasta Regional Medical Center, which is owned by Prime Healthcare Services, showed a patient's medical chart to the Redding Record Searchlight, arguing that the incident violates patient privacy rules because the hospital executives did not obtain the patient's written authorization. "The behavior of Prime and Shasta Regional should provide rich fodder for investigations by state and federal agencies and by U.S. prosecutors in Sacramento, who cover Shasta County," Hiltzik writes. Los Angeles Times.
12/22/2011
Attorneys have filed a class-action lawsuit against the UCLA Health System over a security breach in September that exposed data on 16,288 patients. The suit is seeking as much as $16 million in damages. Modern Healthcare.
12/12/2011
Last week, Vallejo Rite Aid officials announced that prescription drug files on about 3,000 customers have been missing since August. At the end of August, employees at the newly renovated Rite Aid on Solano Avenue realized that several boxes containing prescription records were missing. Spokesperson Ashley Flower said that the company has electronic copies of the files and that the missing files do not contain any credit card or Social Security numbers. Rite Aid retained a risk consulting firm to notify affected customers. Vallejo Times-Herald.
12/05/2011
On Friday, Contra Costa County officials mailed letters to county hospital patients whose names unintentionally appeared online in a public document. Officials said the incident involves patients who were relieved of medical debt last year by county supervisors. An agenda item posted online contained more than 5,000 patient names and financial records, but no medical information. County Administrator David Twa said that the names have been redacted and that the state Department of Public Health was notified. Twa added that the county started an internal investigation last week. Contra Costa Times.
11/30/2011
On Nov. 21, the law firm Dreyer Babich Buccola Wood filed a class-action lawsuit against Sutter Health in a response to a stolen computer containing personal information on more than four million patients. On Nov. 16, the law firm Harris & Rubel filed a similar lawsuit on behalf of a patient against Sutter Medical Foundation and Sutter Physician Services. Both lawsuits allege that Sutter did not have adequate safeguards in place and failed to notify affected patients within 30 days of the incident. eWeek, Becker's Hospital Review.
11/23/2011
Sutter Health patients have filed a lawsuit against the health system following the theft of a computer that contained personal data of more than four million patients. The lawsuit argues that Sutter was negligent in securing data and in notifying affected patients. Sacramento Bee, KCRA.
11/17/2011
Sutter Health has announced that a computer containing personal data on 4.2 million patients was stolen from its medical office in Sacramento last month. Officials said that the computer was password-protected but that data were not encrypted. Sacramento Business Journal et al.
11/11/2011
On Wednesday, HHS' Health Resources and Services Administration restored access to the public section of the National Practitioner Data Bank, which tracks physician disciplinary actions and malpractice claims. HHS blocked access to the public section earlier this year after a physician expressed confidentiality concerns. Upon reopening the database, HRSA officials said users must agree that they will not combine the data with publicly available records to identify physicians. Journalists and consumer advocates criticized the restriction, saying that it places restraints on press freedom. New York Times et al.
11/07/2011
UCLA Health System officials have alerted about 16,000 patients that an external hard drive containing personal data was stolen from a physician's home. The hard drive's information was encrypted, but a piece of paper with the password also is missing. Los Angeles Times et al.
10/06/2011
New details have emerged about how the information of 20,000 patients at Stanford Hospital & Clinics ended up on a public website for nearly a year. A billing subcontractor sent a spreadsheet with patient data to a job applicant as part of a pre-employment exercise. New York Times.
10/04/2011
Stanford Hospitals & Clinics says it will defend itself against a $20 million lawsuit filed by a patient on behalf of 20,000 other patients whose medical data were breached. The lawsuit claims Stanford violated a medical data privacy law. San Jose Mercury News, Palo Alto Weekly.
09/23/2011
A measure on the desk of Gov. Brown would allow minors in California to receive preventive treatment for sexually transmitted infections without obtaining the consent of a parent or guardian. Brown has not stated his position on the legislation. San Diego Union-Tribune.
09/23/2011
State and federal health officials are urging physicians to take steps to try to prevent medical fraud and identity theft. At a meeting at UC-Riverside, officials warned that medical fraud could disrupt health care services and physician payment. Riverside Press-Enterprise.
09/19/2011
Last week, several consumer advocacy and journalism groups criticized the Obama administration's removal of certain information from the National Practitioner Data Bank, which tracks physician disciplinary actions and malpractice claims. HHS blocked access to the public section of the database because of confidentiality concerns expressed by a physician. HHS spokesperson Martin Kramer said the agency is working to restore public access to the data. Reuters et al.
09/09/2011
Information on more than 20,000 patients treated at Stanford Hospital & Clinics was publicly posted to a commercial website for nearly one year, the hospital has confirmed. The exposed data include patients' names, billing charges and diagnosis codes. New York Times et al.