Cancer Center Reports Data Breach | Healthcare Informatics Magazine | Health IT | Information Technology Skip to content Skip to navigation

Cancer Center Reports Data Breach

June 29, 2012
by Gabriel Perna
| Reprints

The University of Texas MD Anderson Cancer Center, a Houston-based institution, has announced that a computer containing patient and research information was stolen from a physician's home on April 30. The computer contained patient information, including names, medical record numbers, treatment and/or research information, and, in some instances, Social Security numbers.

After learning of the theft on May 1, MD Anderson immediately said it began its investigation, including working with outside forensics experts, to determine the information contained on the computer. The physician reportedly notified the police immediately and MD Anderson says there is an ongoing criminal investigation into the theft.

According to the institution, MD Anderson worked with forensics experts to recreate the information that was on the stolen computer, and after analysis MD Anderson notified patients as soon as it was able. The hospital says it has no reason to believe that the computer was stolen for the information it contained, since other items were also stolen from the employee's home.

MD Anderson began mailing notification letters on June 28 to patients who may have been affected. It is offering credit monitoring services for those whose Social Security numbers were included in the data and providing call center support to all affected. More information can be found here.  The hospital says it has taken steps to help prevent this from happening in the future, including accelerating efforts to encrypt all MD Anderson computers.

Topics

Comments

Breaches are not inevitable – as signified by the HHS Safe Harbor from Breach Reporting

Unfortunately, the increasing interest in Breach Response Services indicates that a significant percentage of network owners believe that a Data Breach is inevitable. However, fortunately for healthcare organizations, HHS believes that installing appropriate safeguards provides deterministic results – a breach is very unlikely. The Department of Health and Human Services demonstrates their confidence by providing a HHS Safe Harbor if safeguards specified by the National Institute of Standards and Technology (NIST) are implemented. The cost is competitive with developing a Breach Response Plan.

I was honored to introduce this subject in the current issue of the Betterley report on page 13 which is free on the International Risk Management Institue web site, http://www.irmi.com/online/betterley-report/cyber-privacy-media-liability-summary.pdf
Mac Brinton, mbrinton@infogard.com

News

Loma Linda University Medical Center Gets HIMSS Stage 7 Designation

Loma Linda University (LLU) Medical Center and other patient care facilities linked to the health system have achieved Stage 7 designation on HIMSS Analytics’ inpatient Electronic Medical Record Adoption Model (EMRAM).

HHS OIG Report Cites Concerns with MACRA Implementation

The U.S. Department of Health and Human Services (HHS) Office of the Inspector General issued a report of its review of the Centers for Medicare & Medicaid Services’ (CMS) management of the Quality Payment Program and cited specific concerns regarding the need for more specialized technical assistance for clinicians and program integrity efforts.

Cerner Files Protest over $62M EHR Contract Awarded to Epic

Cerner Corp. has filed a protest against rival EHR vendor Epic Systems following an “unfair bidding process and a possible conflict of interest” for a recent IT implementation contract awarded by the University of Illinois (UI) medical center.

NewYork-Presbyterian, Walgreens Partner on Telemedicine Initiative

NewYork-Presbyterian and Walgreens are collaborating to bring expanded access to NewYork-Presbyterian’s healthcare through new telemedicine services, the two organizations announced this week.

ONC Releases Patient Demographic Data Quality Framework

The Office of the National Coordinator for Health IT (ONC) developed a framework to help health systems, large practices, health information exchanges and payers to improve their patient demographic data quality.

AMIA, Pew Urge Congress to Ensure ONC has Funding to Implement Cures Provisions

The Pew Charitable Trusts and the American Medical Informatics Association (AMIA) have sent a letter to congressional appropriators urging them to ensure that ONC has adequate funding to implement certain 21st Century Cures Act provisions.