• Home
• Topics
  • Business and Finance
  • Chronic Disease Care
  • Consumer Information
  • Data Standards
  • EHRs and PHRs
  • Global Health
  • Health Plans
  • Hospitals
  • Meaningful Use
  • Mobile Health
  • ONC
  • Patient Safety
  • Physician Practices
  • Policy
  • Privacy and Security
  • Public Health
  • Telehealth
• Perspectives
  • Current Perspectives
  • Perspectives Archive
• Features
  • Current Feature
  • Features Archive
• Data Points
  • Current Data Point
  • Data Point Archive
• Special Reports
• Most Popular
  • Most Viewed
  • Most Emailed
  • Most Commented

EVENTS

View All Events

FROM THE FOUNDATION

Big Business, Little Data

A growing number of Californians are being sent to ambulatory surgery centers for a wide variety of procedures, yet little is known about the care they deliver because reporting is not required.

Keeping Track of Asthma

CHCF has made a second investment in Asthmapolis, a device that tracks asthma inhaler use and reports data through mobile phones to patients and doctors to better manage the disease.

South Shore Hospital in South Weymouth, Mass., has agreed to a $750,000 settlement over a 2010 data breach that exposed the personal data of 800,000 individuals, Boston Globe's "Business Updates" reports.

Breach Details

In February 2010, South Shore contracted with Pennsylvania-based Archive Data Solutions to erase and re-sell 473 data tapes containing personal information on 800,000 individuals. The data were not encrypted, and South Shore did not tell ADS that the tapes contained sensitive information (Bray, "Business Updates," Boston Globe, 5/24). Data on the tapes included:

• Names;
• Medical diagnoses;
• Financial account numbers; and
• Social Security numbers (Cheung, FierceHealthcare, 5/25).

The tapes were sent to a Texas subcontractor in three boxes, and the hospital later learned that only one of the boxes had arrived ("Business Updates," Boston Globe, 5/24).

Although the missing boxes have not been found, there have been no reports of unauthorized use of the lost data (Monegain, Healthcare IT News, 5/29).

Details of Lawsuit, Settlement

Following the data breach, Massachusetts Attorney General Martha Coakley (D) sued the hospital ("Business Updates," Boston Globe, 5/24). The lawsuit alleged that the hospital had violated the Massachusetts Consumer Protection Act and HIPAA's privacy and security rules.

Under the settlement, approved by Suffolk Superior Court, the hospital will pay:

• $250,000 as a civil penalty; and
• $225,000 toward a fund established by Coakley to promote education about the protection of health information and other personal data.

The $750,000 settlement also accounted for $275,000 that the hospital already has spent to adopt new security measures (Conn, Modern Healthcare, 5/24).

Hospital Action

As part of the settlement, South Shore agreed to undergo a review and audit of certain security measures and report the results and corrective actions to the attorney general (Byers, CMIO, 5/25).

Sarah Darcy -- a spokesperson for South Shore -- said that since the breach, the hospital has "put in a great deal of new measures to protect personal information." She said, "Everything, everything is encrypted now" ("Business Updates," Boston Globe, 5/24).

• Print
• Email
• Share
  • Facebook
  • Twitter
  • Google+
  • LinkedIn
  • Digg

RELATED STORIES

05/18/2012

DHS: Mobile Technology Poses Security Risks to Health Data

05/09/2012

ONC Issues Guide on Protecting Privacy, Security of Health Data

04/30/2012

Group Offers Suggestions on How To Respond to Utah Health Data Breach

04/24/2012

HITRUST Launches New Cybersecurity Center for Health Care Industry

MOST POPULAR ARTICLES

• 
• 
•