HealthcareIT News reports on a case in Florida concerning a security breach of patients’ medical data:
MIAMI, FL – Officials at the University of Miami Hospital have notified patients affected by a July data breach, stating in a letter that, upon investigation, two university employees were found to be “inappropriately accessing” patient information and may have sold the data.
Specifically, the letter states that these employees were accessing patient “face sheets,” which include names, dates of birth, insurance policy numbers, partial Social Security numbers and clinical information pertaining to the reason for visit. Moreover, in both Medicare and Medicaid insurance plans, patient Social Security numbers are used as the insurance policy number, thus, in these cases, full Social Security numbers may have been compromised. […]
This is not the University of Miami Hospital’s first patient data breach. On Nov. 2011, a flash drive containing the demographic and clinical data of an estimated 1,219 patients was stolen from a physician’s car.