• Home
• Topics
  • Business and Finance
  • Chronic Disease Care
  • Consumer Information
  • Data Standards
  • EHRs and PHRs
  • Global Health
  • Health Plans
  • Hospitals
  • Meaningful Use
  • Mobile Health
  • ONC
  • Patient Safety
  • Physician Practices
  • Policy
  • Privacy and Security
  • Public Health
  • Telehealth
• Perspectives
  • Current Perspectives
  • Perspectives Archive
• Features
  • Current Feature
  • Features Archive
• Data Points
  • Current Data Point
  • Data Point Archive
• Special Reports
• Most Popular
  • Most Viewed
  • Most Emailed
  • Most Commented

EVENTS

View All Events

FROM THE FOUNDATION

All Over the Map

A newly updated interactive map unleashes data to highlight medical treatment variation across California. Now with breast cancer, prostate cancer, and spine procedures, this CHCF-sponsored research shows that practice patterns vary dramatically from place to place.

A professor at the University of Utah is filing a complaint with HHS' Office for Civil Rights and the Federal Trade Commission about the way that a health care system shared patient data prior to a state Medicaid data breach, the Salt Lake Tribune reports (Stewart, Salt Lake Tribune, 6/18).

Recent Utah Data Breach

In April, the Utah Department of Health announced that a data breach occurred on March 30 as Utah Department of Technology Services technicians were exchanging computer servers.

Stephen Fletcher -- executive director of UDTS -- said it appeared that "very sophisticated" hackers used passwords to access a server, but officials are uncertain about how the hackers bypassed security.

The breach affected the personal information of about 800,000 Medicaid and Children's Health Insurance Program beneficiaries. The stolen information included about 280,000 Social Security numbers (iHealthBeat, 4/30).

Details of the Allegations

Leslie Francis -- a health law professor at the university and former chair of Utah's Health Data Committee -- said she learned that her personal information was exposed during the Medicaid breach and decided to investigate the issue.

She said her information likely was sent to UDOH by a health care provider inquiring whether she was covered by Medicaid. Francis -- who is insured by her employer -- said that none of her health care providers indicated in their privacy notices that they might send patients' personal information to the state's Medicaid program.

Francis said she believes that Salt Lake Regional Medical Center -- which is owned by IASIS Healthcare -- shared her information with UDOH.

She claimed that IASIS' privacy notice violates HIPAA because it does not contain sufficient details about how it handles patient data. She also alleged that IASIS' privacy notice might be misleading enough to be considered unfair trade practice.

Response to Allegations

Officials from IASIS repeatedly declined requests to explain their patient data sharing policy, according to the Tribune.

Ed Lamb, IASIS western division president, said, "Salt Lake Regional Medical Center takes privacy and confidentiality extremely seriously, and will work with individuals to resolve any issues" (Salt Lake Tribune, 6/18).

• Print
• Email
• Share
  • Facebook
  • Twitter
  • Google+
  • LinkedIn
  • Digg

RELATED STORIES

06/14/2012

Policy Brief Offers Ways To Strengthen Privacy, Security of Health Data

06/08/2012

OCR Issues Memo on Patients' Legal Rights To Access Health Data

06/05/2012

Survey Says Health Data Breaches Can Lower Consumer Confidence

04/30/2012

Group Offers Suggestions on How To Respond to Utah Health Data Breach

MOST POPULAR ARTICLES

• 
• 
•