HHS Investigating Experian-Involved Patient Data Exposure at Hospital
The U.S. Department of Health & Human Services' Office for Civil Rights is investigating an incident at a Chicago hospital after third-party vendor Experian Health exposed to other health care facilities the personal information of more than 700 patients.
November 14, 2017 at 01:37 PM
3 minute read
Experian Health is being blamed for a data security incident that exposed the confidential information of more than 700 patients at a Chicago hospital—just weeks after another of the country's three major credit bureaus experienced one of the largest data breaches in U.S. history.
The U.S. Department of Health & Human Services' Office for Civil Rights says it is currently investigating the unauthorized disclosure via a network server of unsecured protected health information that affected 727 individuals at Cook County Health and Hospitals System. The HHS OCR is tasked with protecting the privacy and security of health information.
A hospital spokeswoman, however, said in a phone interview that the health system's network server was not breached. Rather, according to a press release that the hospital issued last month, it was notified on Aug. 1 by Experian that the credit reporting agency inadvertently sent patient information to other health care facilities during a computer system upgrade last March. As required by federal law, the hospital late last month reported this information to HHS. Cook County Health works with Experian to help the hospital determine patients' insurance eligibility.
Experian released patient names, account numbers, medical records numbers and dates of birth, according to the press release. Addresses, Social Security numbers and clinical information were not affected, it added. The hospital says it has not been notified of any unauthorized use of the information.
An Experian spokesman characterized the incident not as a data breach but as “an isolated processing error which involved the delivery of limited patient identifying information to various healthcare organizations.”
“The information was only delivered to Experian clients that are covered by the Health Insurance Portability and Accountability Act (HIPAA),” the company said in an e-mailed statement. “As soon as this was discovered, Experian took immediate action to correct the error.”
In September, credit reporting giant Equifax Inc. announced that it had experienced a catastrophic data breach earlier this year that potentially compromised the personal information of nearly half the U.S. adult population and caused $87.5 million of expenses.
DLA Piper, a firm that was itself the victim of a hack this year, is helping steer Equifax through the data breach scandal. Susan Estrich of Quinn Emanuel Urquhart & Sullivan represents its CEO in his personal capacity.
This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.
To view this content, please continue to their sites.
Not a Lexis Subscriber?
Subscribe Now
Not a Bloomberg Law Subscriber?
Subscribe Now
NOT FOR REPRINT
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
You Might Like
View All
DOJ Asks 5th Circuit to Publish Opinion Upholding Gun Ban for Felon
Cars Reach Record Fuel Economy but Largely Fail to Meet Biden's EPA Standard, Agency Says
Trump’s DOE Pick Could Spell Trouble for Title IX Enforcement, Higher Ed Funding
4 minute read
When Police Destroy Property, Is It a 'Taking'? Maybe So, Say Sotomayor, Gorsuch
Trending Stories
- 1Judge Denies Sean Combs Third Bail Bid, Citing Community Safety
- 2Republican FTC Commissioner: 'The Time for Rulemaking by the Biden-Harris FTC Is Over'
- 3NY Appellate Panel Cites Student's Disciplinary History While Sending Negligence Claim Against School District to Trial
- 4A Meta DIG and Its Nvidia Implications
- 5Deception or Coercion? California Supreme Court Grants Review in Jailhouse Confession Case
Who Got The Work
Michael G. Bongiorno, Andrew Scott Dulberg and Elizabeth E. Driscoll from Wilmer Cutler Pickering Hale and Dorr have stepped in to represent Symbotic Inc., an A.I.-enabled technology platform that focuses on increasing supply chain efficiency, and other defendants in a pending shareholder derivative lawsuit. The case, filed Oct. 2 in Massachusetts District Court by the Brown Law Firm on behalf of Stephen Austen, accuses certain officers and directors of misleading investors in regard to Symbotic's potential for margin growth by failing to disclose that the company was not equipped to timely deploy its systems or manage expenses through project delays. The case, assigned to U.S. District Judge Nathaniel M. Gorton, is 1:24-cv-12522, Austen v. Cohen et al.
Who Got The Work
Edmund Polubinski and Marie Killmond of Davis Polk & Wardwell have entered appearances for data platform software development company MongoDB and other defendants in a pending shareholder derivative lawsuit. The action, filed Oct. 7 in New York Southern District Court by the Brown Law Firm, accuses the company's directors and/or officers of falsely expressing confidence in the company’s restructuring of its sales incentive plan and downplaying the severity of decreases in its upfront commitments. The case is 1:24-cv-07594, Roy v. Ittycheria et al.
Who Got The Work
Amy O. Bruchs and Kurt F. Ellison of Michael Best & Friedrich have entered appearances for Epic Systems Corp. in a pending employment discrimination lawsuit. The suit was filed Sept. 7 in Wisconsin Western District Court by Levine Eisberner LLC and Siri & Glimstad on behalf of a project manager who claims that he was wrongfully terminated after applying for a religious exemption to the defendant's COVID-19 vaccine mandate. The case, assigned to U.S. Magistrate Judge Anita Marie Boor, is 3:24-cv-00630, Secker, Nathan v. Epic Systems Corporation.
Who Got The Work
David X. Sullivan, Thomas J. Finn and Gregory A. Hall from McCarter & English have entered appearances for Sunrun Installation Services in a pending civil rights lawsuit. The complaint was filed Sept. 4 in Connecticut District Court by attorney Robert M. Berke on behalf of former employee George Edward Steins, who was arrested and charged with employing an unregistered home improvement salesperson. The complaint alleges that had Sunrun informed the Connecticut Department of Consumer Protection that the plaintiff's employment had ended in 2017 and that he no longer held Sunrun's home improvement contractor license, he would not have been hit with charges, which were dismissed in May 2024. The case, assigned to U.S. District Judge Jeffrey A. Meyer, is 3:24-cv-01423, Steins v. Sunrun, Inc. et al.
Who Got The Work
Greenberg Traurig shareholder Joshua L. Raskin has entered an appearance for boohoo.com UK Ltd. in a pending patent infringement lawsuit. The suit, filed Sept. 3 in Texas Eastern District Court by Rozier Hardt McDonough on behalf of Alto Dynamics, asserts five patents related to an online shopping platform. The case, assigned to U.S. District Judge Rodney Gilstrap, is 2:24-cv-00719, Alto Dynamics, LLC v. boohoo.com UK Limited.
Featured Firms
Law Offices of Gary Martin Hays & Associates, P.C.
(470) 294-1674
Law Offices of Mark E. Salomone
(857) 444-6468
Smith & Hassler
(713) 739-1250
