Talk About Privacy Gone Awry
The National Health Service (NHS) in the UK as gone awry! We focus quite a bit on the identification and protection of any type of confidential/privacy information lurking in unstructured content. It seems that the NHS lost 1.8 million records in one year, or more than 5,000 confidential patient records per day.
Among the breaches included data security records dumped in public bins and electronic records found for sale on an internet auction site. Other security lapses involved details of terminally ill patients being faxed to the wrong number, patient records being stolen and posted on the internet and unsecured laptops being stolen from homes of staff members. According to Campaigners, they labeled the disclosures as worrying lapses in data protection laws and called for systems across the NHS to be tightened. ‘Worrying lapses’ seems like a mild phrase in describing the problems.
Not to be out-done in the US recently the state of Alaska was required to pay $1.7 million because of one lost laptop of an employee. The United States Department of Health and Human Service (“HHS”) announced on June 26, 2012 that it had entered a Resolution Agreement with Alaska’s Medicaid program. Under the agreement, Alaska agreed to pay a $1.7 million penalty and comply with a corrective action plan (“CAP”) to settle what HHS described as “possible violations” of HIPAA that came to light following the theft of a portable hard drive from a car owned by an agency employee. Although Alaska could not say at the time of the theft – or apparently at any time thereafter – that the hard drive actually contained Personal Health Information, the theft nevertheless triggered a breach notification under the HITECH Act and a resulting investigation by HHS. Imagine if the cost if they had lost more than one laptop!
How do you protect your confidential information?