TRENDING:

Breach Prevention: Empty the Cabinet

Insurer failed to remove paper records when donating furniture Howard Anderson (ismg_editor) • April 19, 2010    
Breach Prevention: Empty the Cabinet
Just when you think you've heard about all the potential ways healthcare information can be breached comes word of an insurance company that forgot to empty a filing cabinet it donated along with other surplus office furniture.

Blue Cross & Blue Shield of Rhode Island reports that paper files containing personal information on about 12,000 of its BlueCHIP for Medicare members were left in the filing cabinet that it donated. The documents contained health surveys from 2001 to 2004 that included members' names, addresses, telephone numbers, Social Security numbers, Medicare ID numbers and self-reported medical information.

When the organization receiving the donated furnishings alerted the insurer that it found documents inside the cabinet, the insurer retrieved the paperwork, launched an investigation and alerted state and federal authorities. It also wrote to the 12,000 affected members, offering them a special hotline as well as free credit monitoring for one year.

HITECH rule

Under the HITECH Act's breach notification rule, breaches affecting more than 500 individuals must be reported to federal authorities and the media within 60 days. The Office for Civil Rights within the Department of Health and Human Services regularly updates a list of these breaches.

"Fortunately, thanks to the swift action of the nonprofit in notifying us, we believe there is little chance that member information will be misused," says James Purcell, president and CEO of the BCBS plan.

As a result of the incident, which involved the failure of certain employees to adhere to company policies and procedures, "the responsible employees have been appropriately disciplined, including several who have been terminated," the BCBS plan said in a statement.

Previous
Case Study: Iris Scans for Patient ID
Next
New Breach: Stolen Laptop Disabled Remotely

About the Author

Howard Anderson

Howard Anderson

Former News Editor, ISMG

Anderson was news editor of Information Security Media Group and founding editor of HealthcareInfoSecurity and DataBreachToday. He has more than 40 years of journalism experience, with a focus on healthcare information technology issues. Before launching HealthcareInfoSecurity, he served as founding editor of Health Data Management magazine, where he worked for 17 years, and he served in leadership roles at several other healthcare magazines and newspapers.



Around the Network

CyberArk CEO Touts New Browser That Secures Privileged Users
CyberArk CEO Touts New Browser That Secures Privileged Users
HIPAA Considerations for AI Tool Use in Healthcare Research
HIPAA Considerations for AI Tool Use in Healthcare Research
Why Aren't 3rd Parties More Transparent About Breaches?
Why Aren't 3rd Parties More Transparent About Breaches?
Why Health Entities Need to Implement NIST Cyber Framework
Why Health Entities Need to Implement NIST Cyber Framework
Checking Out Security Before Using AI Tools in Healthcare
Checking Out Security Before Using AI Tools in Healthcare
Closing Privacy 'Loopholes' in Reproductive Healthcare Data
Closing Privacy 'Loopholes' in Reproductive Healthcare Data
Efficient Management of Enterprisewide Data Protection
Efficient Management of Enterprisewide Data Protection
HHS OCR Leader: Agency Is Cracking Down on Website Trackers
HHS OCR Leader: Agency Is Cracking Down on Website Trackers
Why Legacy Medical Systems Are a Growing Concern
Why Legacy Medical Systems Are a Growing Concern
What's Inside Washington State's New My Health My Data Act
What's Inside Washington State's New My Health My Data Act

Continue »

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing healthcareinfosecurity.com, you agree to our use of cookies.