posted by martyb on Friday May 09 2014, @01:33PM
from the first-do-no-harm dept.

An inadvertent data leak that stemmed from a physician's attempt to reconfigure a server cost New York Presbyterian Hospital and Columbia University Medical Center $4.8 million to settle with the U.S. Department of Health and Human Services (HHS). The hospitals and HHS announced the voluntary settlement, which ends an inquiry into the incident, on Wednesday.

From the article:

The breach occurred in 2010 after a physician at Columbia University Medical Center attempted to "deactivate" a personally owned computer from a New York Presbyterian network segment that contained sensitive patient health information, according to the HHS.

In a joint statement, the two hospitals blamed the leakage on an "errantly configured" computer server. The error left patient status, vital signs, laboratory results, medication information, and other sensitive data on about 6,800 individuals accessible to all via the Web.

New York Presbyterian will pay $3.3 million, while Columbia will pay $1.5 million to settle the complaint. The hospitals also agreed to take "substantive" corrective action, including development of a new risk management plan and new policies and procedures for handling patient data. HHS will also be provided with periodic progress updates under the agreement.

 
  • (Score: 1) by MostCynical (2589) on Friday May 09 2014, @11:26PM (#41427)

    he developed for his own facility.. which means he said he could do it cheaper and better than any 'off the shelf' product.. and he was right, provided he and the IT department did the bug fixes and support on top of their usual duties..
    Often, doctors get grants or donations of equipment, which are purchased, provisioned and set up completely independently from hospital IT. The systems may, over time, get data from other systems in the hospital, eventually being the most complete set of records for patients in the doctor's department.

    Once the grant money runs out, or when the doctor leaves, no one seems to be able to find out who 'owns' the data.

    The doctor will claim it (collected using his grant money, after all), but does that include the rest of the patient's records, collected elsewhere in the hospital?

    then the data gets on the web...

     

    --
    "I guess once you start doubting, there's no end to it." -Batou, Ghost in the Shell: Stand Alone Complex