2nd Business Assoc. Breach Hits Hospital

Records Posted on Website by Mistake
2nd Business Assoc. Breach Hits Hospital
For the second time this year, patients at Newark Beth Israel Medical Center have been affected by a health information breach involving a business associate.

In the latest incident, the hospital is notifying more than 1,700 patients of a breach in which Professional Transcription Co. mistakenly posted clinical reports on its website for up to 10 months. The company, which transcribes physicians' dictated reports, posted patient names, medical record numbers, hospital account numbers, dates of birth, diagnoses and other clinical information on the site. The information, however, did not include addresses, Social Security numbers or financial information, the hospital said.

"We have no information to indicate that the information was actually viewed by any unauthorized individuals," according to a statement on the hospital's website. The vendor involved is performing a security assessment to identify and implement measures to avoid similar incidents, the statement added.

In May, the hospital reported that an employee of KPMG, which provides professional services to parent company Saint Barnabas Health Care System, lost an unencrypted flash drive containing information on 956 hospital patients. The drive may have contained a list with some patient names and information about their care, the hospital reported. The hospital said it had no evidence the information was accessed by any unauthorized person.

Another Breach Incident

In another recent health information breach involving a business associate, Ochsner Health System is notifying nearly 9,500 patients that letters sent out by HELP Financial Corp. on behalf of the Louisiana system contained incorrect patient information.

The names, medical record numbers, account numbers and account balances in the letters did not match the records for those to whom the letters were mailed. The letters referred to payment arrangements being made. The mistake was due to a programming error, according to an Ochsner statement, and HELP has corrected the problem.

All of these breaches were reported to the Department of Health and Human Services' Office for Civil Rights for inclusion in its list of major health information breaches as required under the HITECH Act's breach notification rule.

About the Author

Howard Anderson

Howard Anderson

Former News Editor, ISMG

Anderson was news editor of Information Security Media Group and founding editor of HealthcareInfoSecurity and DataBreachToday. He has more than 40 years of journalism experience, with a focus on healthcare information technology issues. Before launching HealthcareInfoSecurity, he served as founding editor of Health Data Management magazine, where he worked for 17 years, and he served in leadership roles at several other healthcare magazines and newspapers.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing databreachtoday.com, you agree to our use of cookies.