Oregon Health & Science University has signed a resolution agreement with the Office for Civil Rights stemming from two breaches that occurred in 2013. Becker’s Healthcare reports, OHSU agreed to pay $2.7 million and commit to a three-year corrective action plan and reports that none of the 7,000 affected patients have endured harm from the breaches. Meanwhile, Kaiser Permanente’s Northern California division has announced that two of its employees allegedly stole an unspecified number of ultrasound machines, resulting in a data breach affecting 1,100 known patients. Much of the equipment was recovered and there’s no sign the information has been used for fraud.
Oregon Health & Science University has signed a resolution agreement with HHS’ Office for Civil Rights regarding two data breaches from 2013 affecting more than 7,000 patients total that includes a $2.7 million payment and a three-year corrective action plan.
In the first breach, an unencrypted laptop containing protected health information of 4,022 patients was stolen from a surgeon’s vacation home in Hawaii in February 2013. OHSU notified 3,044 patients of the second breach in July 2013, in which residents and physicians-in-training in three departments had been storing patient information in a Google-based cloud system, though the health system did not have a contractual relationship to store patient information there.
OHSU indicates none of the affected patients have reported any harm from the data breaches.
Want to publish your own articles on DistilINFO Publications?
Send us an email, we will get in touch with you.
“OHSU is continuously working to improve protection of patient information data in a constantly changing security and technology landscape. The two breaches that occurred in 2013 were stark reminders to OHSU how vigilant we must be. We made significant data security enhancements at the time of the incidents and now are investing at an unprecedented level in proactive measures to further safeguard patient information,” said Bridget Barnes, OHSU CIO, in a statement.
The health system plans to work with external consultants to enhance protections and meet the requirements of the corrective action plan.
Date: July 15, 2016