Cascade Healthcare Community, a three-hospital health system headquartered in Bend, OR, was one of those CEs that found itself under the microscope.
Unfortunately for Cascade, a virus invaded part of its computer system in December 2007, exposing the data of more than 11,500 donors and landing the healthcare system in the headlines.
The HIPAA security rule requires this type of assessment. However, many healthcare organizations have never completed a risk assessment, have not kept it up to date, or have failed to address all necessary areas of risk.
A patient underwent diagnostic testing in the hospital where she was employed. She received a copy of the laboratory results, and when she read them, she noticed that a physician had noted her employee status. Does this violate HIPAA?
Connecticut Attorney General Richard Blumenthal sued Health Net of Connecticut, Inc., for failing to secure private patient medical records and financial information involving 446,000 Connecticut enrollees. The health-care insurer also failed to promptly notify consumers endangered by the security breach, according to a press release from Blumenthal’s office.