Second largest health info data breach draws class-action lawsuit

Effective Sep 10, 2013

Published Sep 10, 2013

Last Reviewed Sep 9, 2013

The plaintiffs argue the physician group didn’t sufficiently protect their private data and violated privacy regulations, according to a report in The Chicago Tribune.

The information, which was password-protected but not encrypted, included the names, addresses, dates of birth and Social Security numbers of the patients, the report said. Full medical records weren’t on the computers, but medical data for some patients such as diagnoses, medical record numbers, medical service codes and health insurance information, is also at risk.

The data breach affects patients with the Advocate Medical Group from the early 1990s through July, making it the second largest health information loss reported to the Department of Health and Human Services since it implemented its mandatory notification rule in 2009, the report says.

In a statement, Advocate Medical Group said “we deeply regret any inconvenience” caused by the breach. The group also said it didn’t believe the data was targeted or misused. “Thus, we feel confident the facts will demonstrate that the lawsuit is without merit.”

For more on health information encryption best practices, turn to Home Health Line.

The information contained herein was current as of the publication date. © Copyright DecisionHealth, all rights reserved. Electronic or print redistribution without prior written permission of DecisionHealth is strictly prohibited by federal copyright law.