A report on eSecurityPlanet says that a hospital patient has posted 15,000 people's personal information on a social media site. This includes names, addresses, Social Security information and Medicaid information.
The New Hampshire Department of Health and Human Services (DHHS) recently announced that personal information belonging to as many as 15,000 DHHS clients was posted to a social media site over a year ago by a patient at New Hampshire Hospital.
"The personal information was accessed, in October 2015, by an individual who was a patient at New Hampshire Hospital at that time, using a computer that was available for use by patients in the library of the hospital," DHHS said in a statement. "In the course of investigation, we learned that this individual was observed by a staff member to have accessed non-confidential DHHS information on a personal computer located in the New Hampshire Hospital library."
The staff member notified a supervisor, who restricted access to library computers -- but the incident was never reported to hospital management or to DHHS.
In August of 2016, almost a year later, a hospital security official notified DHHS that the same person may have posted some DHHS information on social media, though an investigation didn't uncover any evidence that confidential information had been exposed.
Finally, on November 4, 2016, New Hampshire Hospital security notified DHHS that the same individual had in fact posted confidential, personal information to a social media site.
(Score: 2, Informative) by Anonymous Coward on Saturday January 07 2017, @02:07AM
Turns out that HIPAA enforcement is total shit.
In 2014 there were 18,000 HIPAA complaints - HHS only took action in 6 cases. [washingtonpost.com] They don't even keep track of how many HIPAA complaints are filed against each facility.
So maybe heads will roll. Or maybe it's all talk. Because the government sure isn't doing anything about it.
(Score: 2) by physicsmajor on Saturday January 07 2017, @02:39AM
In the majority of these cases, HHS didn't need to take action because the institutions took care of it themselves. The individual is fired, they figure out how better to handle it next time. Also note that just about every job in healthcare requires a clean background of employers, and they do check with them. This is the equivalent of a dishonorable discharge; such individuals are pretty much barred from ever working in healthcare again for life.
Without HHS launching a formal investigation.
(Score: 0) by Anonymous Coward on Saturday January 07 2017, @02:50AM
How can HIPAA and other such things even be taken seriously when they're allowed to store the data on computers running proprietary software? Where's the commitment to freedom and privacy?
(Score: 0) by Anonymous Coward on Saturday January 07 2017, @03:43AM
Sounds like you are just making up a pollyanna rationalization without evidence.
If there were 18,000 incidents, it's hard to believe that they all lead to institutional-level corrections that would prevent similar failures. After all, that's 18,000 failures; some of them, probably a lot of them, have got to be multiple incidents at the same facilities.
(Score: 1) by khallow on Saturday January 07 2017, @04:41AM