Security Breach Story of the Week.....One third of the nations hospitals are operating in the red...fundraising is becoming increasingly important...it is part of today's culture...some hospitals are not asking as they say it's too hard to track...maybe we need a software update here...there are a couple of issues with this security breach...number one why did the hospital not anonymize the information....and second of all, what was up with the vendor they contracted with as they sign a HIPAA agreement in order to do business...2 areas where big red flags were missed...overall 6300 records were posted on the Internet for the sake of fundraising...the hospital shared the information with a vendor that searches data bases to find potential "wealthy" donors...Fundraising is wonderful, but do it right....for everyone's sake..and when fund raisers are successful, maybe the hospitals might invest a little in Health IT...still are many at the top of the command change that don't understand the process....BD
Fundraising efforts by UCSF led to a recent privacy breach involving more than 6,300 patients whose names and other information were inadvertently posted on the Internet - the institution had shared patient information with a vendor that searches databases to find wealthy potential donors.
Mark Laret, chief executive of the UCSF Medical Center, in an interview with The Chronicle, called the breach a "serious problem." In its wake, fundraising practices are being re-examined, he said. In the UCSF breach, the names of the patients and the medical departments where they were treated were shared with the vendor and exposed on the Internet along with the patients' medical record numbers.
The information provided to the vendor exceeded what is permitted by federal law, which allows only patient "demographic information," including name, address and dates of medical care, to be used for fundraising purposes without specific patient consent.