Data Breaches Revealed At Local Hospitals

WCVB - The U.S. Department of Health and Human Services has begun posting details about data breaches at doctor's offices, hospitals, health plans and other organizations subject to medical privacy laws.

Under a new federal law, all breaches that impact 500 or more patients must be reported to HHS within 60 days. Breaches affecting fewer than 500 people must be reported annually.

There are four local cases detailed on the site.

At Mass Eye and Ear Infirmary, the credit card information of 1,076 people may have been compromised. A hospital investigation found two employees were responsible. Both were fired.

In a statement, Mass Eye and Ear said it will provide the individuals affected with a free year of credit monitoring.

The HHS Web site also lists a data breach affecting 528 people at Brown University in Providence, R.I., in December. Someone had unauthorized access to paper records.

At Beth Israel Deaconess Medical Center, the laptop of a former hospital employee, who had since started working at the University of California San Francisco, was stolen. The laptop contained some only a limited amount of personal information, according to the hospital, “But no Social Security numbers or financial information.”

There is no information that the information fell into the wrong hands or was inappropriately used, however BIDMC alerted impacted patients of the breach.

According to HHS, the electronic medical records of more than 1,800 patients at an unidentified private medical practice in Stoughton were also stolen in December.

Across the country there have been more than 40 security breaches of personal information at doctor's offices since last September.