SoylentNews is people

posted by on Saturday January 07 2017, @12:34AM
from the payback-for-the-drafty-gowns dept.

A report on eSecurityPlanet says that a hospital patient has posted 15,000 people's personal information on a social media site. This includes names, addresses, Social Security information and Medicaid information.

The New Hampshire Department of Health and Human Services (DHHS) recently announced that personal information belonging to as many as 15,000 DHHS clients was posted to a social media site over a year ago by a patient at New Hampshire Hospital.

"The personal information was accessed, in October 2015, by an individual who was a patient at New Hampshire Hospital at that time, using a computer that was available for use by patients in the library of the hospital," DHHS said in a statement. "In the course of investigation, we learned that this individual was observed by a staff member to have accessed non-confidential DHHS information on a personal computer located in the New Hampshire Hospital library."

The staff member notified a supervisor, who restricted access to library computers -- but the incident was never reported to hospital management or to DHHS.

In August of 2016, almost a year later, a hospital security official notified DHHS that the same person may have posted some DHHS information on social media, though an investigation didn't uncover any evidence that confidential information had been exposed.

Finally, on November 4, 2016, New Hampshire Hospital security notified DHHS that the same individual had in fact posted confidential, personal information to a social media site.


  • (Score: 1, Informative) by Anonymous Coward on Saturday January 07 2017, @01:20AM

    by Anonymous Coward on Saturday January 07 2017, @01:20AM (#450537)

    I work with patient data, and have very strict guidelines on how to handle it. The company has procedures in place to trigger a whole process if someone makes a mistake with patient data. This is serious business, and some heads will roll for what this person did, including their own head.

  • (Score: 2, Informative) by Anonymous Coward on Saturday January 07 2017, @02:07AM

    by Anonymous Coward on Saturday January 07 2017, @02:07AM (#450553)

    Turns out that HIPAA enforcement is total shit.

    In 2014 there were 18,000 HIPAA complaints - HHS only took action in 6 cases. [washingtonpost.com] They don't even keep track of how many HIPAA complaints are filed against each facility.

    So maybe heads will roll. Or maybe it's all talk. Because the government sure isn't doing anything about it.

    • (Score: 2) by physicsmajor on Saturday January 07 2017, @02:39AM

      by physicsmajor (1471) on Saturday January 07 2017, @02:39AM (#450564)

      In the majority of these cases, HHS didn't need to take action because the institutions took care of it themselves. The individual is fired, they figure out how better to handle it next time. Also note that just about every job in healthcare requires a clean background of employers, and they do check with them. This is the equivalent of a dishonorable discharge; such individuals are pretty much barred from ever working in healthcare again for life.

      Without HHS launching a formal investigation.

      • (Score: 0) by Anonymous Coward on Saturday January 07 2017, @02:50AM

        by Anonymous Coward on Saturday January 07 2017, @02:50AM (#450567)

        How can HIPAA and other such things even be taken seriously when they're allowed to store the data on computers running proprietary software? Where's the commitment to freedom and privacy?

      • (Score: 0) by Anonymous Coward on Saturday January 07 2017, @03:43AM

        by Anonymous Coward on Saturday January 07 2017, @03:43AM (#450586)

        Sounds like you are just making up a pollyanna rationalization without evidence.

        If there were 18,000 incidents it's hard to believe that they all led to institutional level corrections that would prevent similar failures. After all, that's 18,000 failures; some of them, probably a lot of them, have got to be multiple incidents at the same facilities.

    • (Score: 1) by khallow on Saturday January 07 2017, @04:41AM

      by khallow (3766) on Saturday January 07 2017, @04:41AM (#450611)
      They'll find a way to respond to such extravagant flouting of the law.
  • (Score: 1) by J_Darnley on Saturday January 07 2017, @05:03AM

    by J_Darnley (5679) on Saturday January 07 2017, @05:03AM (#450617)

    Is the poster bound by HIPAA? He has no professional involvement with the data. Does it really forbid any person from saying any medical fact they know about someone? Perhaps the scale is what matters in this case.

  • (Score: 4, Insightful) by canopic jug on Saturday January 07 2017, @08:06AM

    by canopic jug (3949) on Saturday January 07 2017, @08:06AM (#450651)

    If HIPAA were even an issue, then there would be no M$ products in the hospitals at all. It'd get as far as screening the licenses (EULAs and all) prior to purchase before legal would be forced to call a halt to considering M$. That's not even getting into the software, just the holes that are laid out in black and white in the licenses themselves.

    If you want a challenge, have your so-called IT department provide licenses for the M$ software it is foisting on you. It will take threats just short of physical violence to get your own so-called IT department to get you the licenses in any form. They are so far over the line in promoting M$ interests inside the organization, that they will push back quite hard against any requests that might reflect badly on M$. When you do get the licenses, those covering just a basic desktop installation with no third-party software will be about 4cm thick or thicker when printed out.

    It's worse for those with IT departments that have fully been replaced with M$ resellers. Those have all kinds of infrastructure imitated by M$ products. Each version of each product has its own separate license. Dig through them and you will see that they would be in clear violation of HIPAA requirements. There's no way to safely provide M$ desktops and meet HIPAA, let alone servers. So if M$ is in the hospital, you can say HIPAA is as good as ignored.

    --
    Money is not free speech. Elections should not be auctions.