Oregon Health & Science University is notifying 3,044 patients that their OHSU health information was
stored on an Internet-based email and/or document storage service, also known
as a “cloud” computing system.
Although the Internet-based
service provider (Google Drive, Google Mail) is password-protected [practically
worthless Bob] and has
security measures and policies in place to protect information, it is not an
OHSU business associate with a contractual agreement to use or store
OHSU patient health information.
There is no evidence that the data was
accessed or used by anyone who did not have a legitimate patient care need to
view the information. [and with no logs, we can’t prove they didn’t Bob] However, the terms of service indicate the
data stored with the Internet-based provider can be used for the “purpose of
operating, promoting, and improving [its] Services, and to develop new ones.” OHSU has been unable to confirm with the
Internet service provider that OHSU health information has not been, and will
not be, used for these purposes. Consequently,
OHSU is notifying all affected patients.
In May 2013, an OHSU School of
Medicine faculty member discovered residents, or physicians-in-training, in the
Division of Plastic and Reconstructive Surgery were using Internet-based
services to maintain a spreadsheet of patients. Their intent was to provide each other
up-to-date information about who was admitted to the hospital under the care of
their division.
…. “We do not believe this incident will result
in identity theft or financial harm; however, in the interest of patient
security and transparency and our obligation to report unauthorized access to
personal health information to federal agencies, we are contacting all affected
patients. We sincerely apologize for any
inconvenience or worry this may cause our patients or their families,” said
John Rasmussen, OHSU’s Chief Information Security Officer.
SOURCE: Oregon Health & Science University
Note that this is OHSU’s fifth breach that I’ve reported on
this blog since 2008:
- In December 2008, they notified 890 patients whose PHI was on a laptop stolen from an employee attending a conference in Chicago;
- In June 2009 – also before HITECH went into effect – OHSU notified 1000 patients that their names, treatment information and medical record numbers were on a laptop stolen from a physician’s car outside the doctor’s home (subscription and login required);
- In July 2012, more than 14,000 pediatric patients and 200 employees had data on a USB drive stolen in a home burglary; and
- In March 2013, they reported that more than 4,000 patients had PHI on a laptop stolen from a researcher’s rental home.
What is an “adequate limit?”
Few See Adequate Limits on NSA Surveillance Program
Pew Survey - “A majority of Americans – 56% – say that
federal courts fail to provide adequate limits on the telephone and internet
data the government is collecting as part of its anti-terrorism efforts. An even larger percentage (70%) believes that
the government uses this data for purposes other than investigating terrorism. And despite the insistence by the president
and other senior officials that only “metadata,” such as phone numbers and email
addresses, is being collected, 63% think the government is also gathering
information about the content of communications – with 27% believing the
government has listened to or read their
phone calls and emails.”
So I can’t fly my drone until the feds give me a budget? I don’t think so…
Ben Wolfgang reports:
The lagging federal effort to
fully integrate drones into U.S. airspace is in danger of falling even further
behind schedule.
A funding bill now before the
Senate essentially would stop the process in its tracks by prohibiting the
Federal Aviation Administration from moving forward until it completes a
detailed report on drones’ potential privacy impact.
The report, called for in the
Senate’s fiscal 2014 transportation appropriations measure, would be yet
another hurdle in the FAA’s already complex, time-consuming drone integration
initiative.
Read more in the Washington Times.
My phone book does not record the number I called or the
times of each call or the location I called from…
Rep. Mike Rogers has jumped on Michele Bachmann’s comparison
of NSA bulk collection of call records to phone books:
There are “zero privacy
violations” in the National Security Agency’s collection of phone records,
House Intelligence Committee Chairman Mike Rogers, R-Mich., said Sunday on
“Face the Nation,” just days after the chamber narrowly rejected a measure that
would have stripped the agency of its assumed authority under the Patriot Act
to collect records in bulk.
“There’s more information in a phone book
than there is in this particular big pile of phone numbers that we used to
close the gap – we, the intelligence services – close the gap that we saw
didn’t allow us to catch someone from 9/11,” Rogers said.
“Remember, this came about after
9/11 when we found out afterward that terrorists that we knew about overseas
had called somebody who was a terrorist but living in the United States or
staying in the United States,” he continued. [and we did that without the metadata
database. Bob] “He ended up being the person that got on an
airplane and flew into the side of the Pentagon.”
Read more on CBS Face the Nation.
So Rogers ignores the significance of metadata and refuses
to see that the very collection of bulk call records without reasonable
suspicion that the targeted individuals have done something terrorism-related
is in itself a privacy violation.
Interesting product.
Tile
Just attach, stick or drop your Tile into any item you might
lose: laptops, wallets, keys, guitars, bikes—you name it.
The Tile App on your phone makes it easy to find your
Tile(s) anywhere, anytime.