According to a story on Wired.com, a new law that went into effect January 1 requiring health care organizations in California to report suspected incidents of unauthorized data breaches of a patient’s personally identifiable health information – both intentional and unintentional – to the California Department of Public Health has led to officials receiving more than 800 reports in the first five months of this year.
The agency was surprised by the large number of health data breach reports it received in such a short period, according to the Journal of the American Health Information Management Association (AHIMA), and expects the numbers to increase even more as organizations become more familiar with reporting procedures.
Officials have conducted full investigations on 122 cases so far and confirmed 116 as actual data breaches. Most of the types of data breaches reported so far – which also include complaints from patients – have been unintentional. However, the Journal reports that officials can fine offending organizations or individuals up to $250,000 depending on the nature of the data breach and the extent of the harm it caused.
One such fine occurred after investigators determined that workers at a Los Angeles-based hospital inappropriately accessed the medical records of Nadya Suleman – also known as the “Octomom” – who received extensive publicity after giving birth to octuplets following fertility treatments. Investigators found that the hospital had been negligent in protecting Suleman’s medical record after discovering that an employee had improperly viewed her health data.
In addition, recently deceased actress Farrah Fawcett had also filed a complaint accusing employees in an LA-area hospital of providing information about her to a reporter.
California passed the first data breach notification law (which went into effect in July 2003) that required entities doing business in the state to notify consumers when their personally identifiable information (PII) – such as a name, date of birth, and Social Security or credit card number – was breached. The law helped expose the extent of the data breach problem and prompted other states to follow suit with their own laws.
California’s new medical data breach law, which is unpopular with many health care organizations, is the first in the nation and is being closely watched by other states.
While most background check companies focus on employers, MyBackgroundCheck.com offers consumers, jobseekers, students, and volunteers the chance to give themselves background checks and keep personal information secure, accurate, and up-to-date. For information about how personal background checks can help you avoid identity theft and privacy loss, visit www.mybackgroundcheck.com, email info@mybackgroundcheck.com, or call 1-800-503-2364. To follow MyBackgroundCheck.com on Twitter, visit www.twitter.com/MyBackgroundChk.
tahearn@mybackgroundcheck.com
*We welcome relevant comments and questions from consumers, experts, and human resources professionals. Please do not submit comments with advertisements as they will not be posted publicly. Thanks for visiting our blog!