business

Data breaches affect patients in 3 states

Stolen laptops, dumped records and an unprotected website leave personal data exposed for more than 1.2 million people.

By Pamela Lewis Dolan — Posted June 22, 2010

Print  |   Email  |   Respond  |   Reprints  |   Like Facebook  |   Share Twitter  |   Tweet Linkedin

More than a million Florida residents lost personal information in one of several security breaches reported in recent weeks.

AvMed Health, a Florida-based health plan, said data about nearly 1.2 million members and former members were breached when two laptops were stolen in December 2009 from an AvMed office in Gainesville, Fla.

The insurer notified 360,000 customers of the breach in February. But AvMed said on June 3 that further investigation found that an additional 860,000 people had been affected.

Information included names, addresses, birth dates, Social Security numbers and health information. Although there is no evidence that the data were misused, the company contracted with an identity protection service to respond to the breach.

In another case, officials at the University of Louisville in Kentucky said on June 2 that it was notifying 708 dialysis patients of a breach. They discovered that patient names, Social Security numbers and medical information had been displayed on an unsecured website for about 19 months.

Gary Mans, spokesman for the University of Louisville, said the database was a registry for patients of the university's kidney dialysis program. The users of the site thought it was password-protected when, in fact, it was not. But even though it was technically public, there were no links to the site, and there's no evidence it was accessed by any unauthorized users, Mans said. The website was disabled when the problem was discovered.

Mans said the university is offering a year of credit monitoring to those affected.

Meanwhile, Impulse Monitoring, a Columbia, Md., company that provides onsite and Web-based monitoring of neurological systems for patients undergoing spinal and brain-related injuries, is denying any responsibility in a case involving the June 6 dumping of several boxes of data in a church parking lot in Nashville, Tenn.

The data included checks, billing statements, medical records and employee payroll information belonging to NVMS, a monitoring business that declared bankruptcy in 2008. Impulse purchased some of that company's assets in 2009, but it said those assets did not include data on former patients.

Janine Gregory, general counsel for Impulse, said some personal information for former NVMS employees now employed by Impulse might have been included in the dumped records. She had no further information about the case.

The Health Information Technology for Economic and Clinical Health Act in 2009 added a requirement under the Health Insurance Portability and Accountability Act that health care organizations must notify victims and the media of any data breaches affecting more than 500 people. In February the Dept. of Health and Human Services began posting a list of those reported breaches online (link).

Back to top


ADVERTISEMENT

ADVERTISE HERE


Featured
Read story

Confronting bias against obese patients

Medical educators are starting to raise awareness about how weight-related stigma can impair patient-physician communication and the treatment of obesity. Read story


Read story

Goodbye

American Medical News is ceasing publication after 55 years of serving physicians by keeping them informed of their rapidly changing profession. Read story


Read story

Policing medical practice employees after work

Doctors can try to regulate staff actions outside the office, but they must watch what they try to stamp out and how they do it. Read story


Read story

Diabetes prevention: Set on a course for lifestyle change

The YMCA's evidence-based program is helping prediabetic patients eat right, get active and lose weight. Read story


Read story

Medicaid's muddled preventive care picture

The health system reform law promises no-cost coverage of a lengthy list of screenings and other prevention services, but some beneficiaries still might miss out. Read story


Read story

How to get tax breaks for your medical practice

Federal, state and local governments offer doctors incentives because practices are recognized as economic engines. But physicians must know how and where to find them. Read story


Read story

Advance pay ACOs: A down payment on Medicare's future

Accountable care organizations that pay doctors up-front bring practice improvements, but it's unclear yet if program actuaries will see a return on investment. Read story


Read story

Physician liability: Your team, your legal risk

When health care team members drop the ball, it's often doctors who end up in court. How can physicians improve such care and avoid risks? Read story