Yet another hospital has lost patient information, violating HIPAA and HITECH regulations, and setting itself up for a world of hurt.
This time, it's the Regional Medical Center in Memphis that somehow managed to send out unencrypted email messages containing names, phone numbers, social security numbers, dates of birth, and even outpatient status information for almost 1,200 patients.
According to Government Health IT, the breaches occurred in late 2012, but "the incident wasn't discovered" until March.
This "incident" (in my opinion, when more than a thousand records are mailed into the wild blue yonder, it's more than an incident) is far from the first in a medical facility.
A few years ago, Stanford Hospital "lost" patient records, and later found them on a student testing website. According to The New York Times, a spreadsheet containing data on 20,000 emergency room patients was uploaded by a small contractor to a site, requesting help for how to turn the information into a bar graph.
More to the point, this information was out there for almost a year. This case was discussed in depth by our own cybersecurity wiz David Gewirtz, who did an entire webcast called Share Often, Share Safely on these sorts of breaches. The webcast is free and available on demand from our sister site, TechRepublic.