Have you created a ShazzleMail account on your smartphone? This is a required first step.

Yes No

Free Encrypted Email

08e4fdf7-1b6d-4784-8868-d224dc881485

Children’s Dallas docked $3.2 million over patient privacy breaches

February 2, 2017

Children’s Medical Center of Dallas has paid a penalty of more than $3.2 million to the federal government over privacy breaches dating back to 2007 that left the data for thousands of patients at risk.
The facility voluntarily reported potential disclosures of patient health information, but it did not implement strong safeguards to ensure that the breaches would not happen again, according to a statement issued Wednesday from the U.S. Department of Health and Human Services.
Ensuring security precautions to protect health information is essential, said Robinsue Frohboese, acting director of the Office for Civil Rights in the statement.

“A lack of risk management not only costs individuals the security of their data, but it can also cost covered entities a sizable fine,” she said.

Children’s Health responded Thursday saying that it has fully cooperated with the government’s investigation, and that it does not believe any patient or their family was affected by the incidents.
In 2010, the medical center reported that the personal information for about 3,800 patients had been accessible on an unencrypted, non-password protected BlackBerry device used at the Dallas-Fort Worth International Airport the previous year.
However, according to the federal investigation, they were aware of the potential risk of that kind of incident since at least 2007. A security analysis conducted by the healthcare consulting firm Strategic Management Systems over a 3-month period ending February 2007 uncovered gaps.
So did a separate analysis in 2008 from the consulting firm PwC. It said encryption should be a “high priority” for the medical center, as stolen devices could put patient data at risk.

Still, no security plan was established, and the encryption issue was not corrected on laptops, workstations and other devices distributed to the Children’s workforce until April 2013, the civil rights office investigation found.
That month a laptop was stolen in a separate breach that contained unencrypted data for nearly 2,500 people. Children’s reported the HIPAA (Health Insurance Portability and Accountability Act) violation to the Office of Civil Rights three months later.
In January, the medical center declined its right to request a hearing and challenge the fine, which totaled $3,217,000.
“We have decided to pay the imposed fine because efforts to formally contest the claims would be a long and costly distraction from our mission to make life better for children,” said Scott Summerall, a spokesperson for Children’s Health. “We remain committed to protecting the privacy of our patients.”

Tags: , , ,

Introducing ShazzleMail Email and How it Works

Privacy is your Fundamental Human Right.

Our Daily Blog
venmo
What’s Wrong With Your Venmo Account, and How to Fix It
December 4, 2018

ILLUSTRATION: RICHARD BORGE By Katherine Bindley Dec. 4, 2018 9:02 a.m. ET Few social-media e...

Read more
private
Private Blockchains Could Be Compatible with EU Privacy Rules, Research Shows
November 12, 2018

Private blockchains, such as interbanking platforms set to share information on customers, could be...

Read more
apple
Apple launches privacy portal, initiatives
October 18, 2018

Apple (NASDAQ:AAPL) launches a new privacy website letting users find personal data the company has ...

Read more
private
Just Don’t Call It Privacy
September 23, 2018

What do you call it when employers use Facebook’s advertising platform to show certain job ads onl...

Read more
static2.politico.com
Privacy and security: no simple solution, warns Rachel Dixon
September 18, 2018

The tide is turning when it comes to privacy and security, with Australians gradually becoming more ...

Read more