California Medical Data Breach Reports Growing – Get Rid of Those Unencrypted USB Drives
Posted Jul 09 2009 10:43pm
If you are still carrying around records on a non encrypted USB drive, you might want to think twice about it if you are in California. As you can read the cases are varied and some reported by patients, I would guess the patients reporting finding out that someone potentially had some of their confidential information. Again, I am still surprises to see hospitals still allow physicians to connect one to their system, especially after the big virus issue suffered by the DOD as an example.
Store data on a secured server to be safe and make sure it is encrypted and lock down computers from using Peer to Peer music networks too as a lot of data gets exposed that way with users who end up sharing everything on their PC. One of the biggest errors I have seen is the one below, the devices were encrypted, but passwords were taped on the devices.
California officials have received more than 800 reports of health data breaches in five months after a new state law went into effect January 1.
The law requires health care organizations in California to report suspected incidents of intentional and unintentional unauthorized breaches of a patient’s personally identifiable health information to the California Department of Public Health.
Of the cases reported, which also include complaints from patients, officials have conducted full investigations on 122 cases so far and confirmed 116 as actual breaches. The types of breaches run the gamut from unintentionally faxing a patient’s chart or test reports to the wrong phone number to intentional snooping by workers. Most of the breaches reported so far have been unintentional.
California led the way in data breach laws when it passed the first notification law, which went into effect in July 2003. It requires entities doing business in California to notify consumers when their personally identifiable information is breached, such as a name and Social Security or credit card number. The law helped expose the extent of the data-breach problem and prompted other states to follow suit with their own laws. California’s new medical data breach law is the first in the nation and is being closely watched by other states. Healthcare providers, however, have criticized it for being too rigid.