Elliot Health System reports a breach involving health information
Technorati Tag: Security Breach
Date Reported:
3/3/08
Organization:
The Elliot Health System (EHS)
Contractor/Consultant/Branch:
Advanced Medical Partners, Inc.
Victims:
Patients
Number Affected:
Unknown
Types of Data:
"electronic protected health information" "name, procedural dates of service at EHS, name of your insurance company and your date of birth"
Breach Description:
"A business associate of The Elliot Health System (EHS), Advanced Medical Partners, Inc. (AMPI), has recently informed us that on the evening of February 22, 2008, a thief/thieves broke into corporate headquarters, and stole ten computers. The computers contained electronic protected health information and could potentially include your name, procedural dates of service at EHS, name of your insurance company and your date of birth"
Reference URL:
The New Hampshire State Attorney General breach notification
Report Credit:
The New Hampshire State Attorney General
Response:
From the online source cited above:
A business associate of The Elliot Health System (EHS), Advanced Medical Partners, Inc. (AMPI), has recently informed us that on the evening of February 22, 2008, a thief/thieves broke into corporate headquarters, and stole ten computers.
[Evan] Is this the same Advance Medical Partners that was recently acquired HealthTronics?
The computers contained electronic protected health information and could potentially include your name, procedural dates of service at EHS, name of your insurance company and your date of birth
AMPI has told us that these computers have safeguards in place, including password protection, to guard against access to this information.
[Evan] Really? I have two primary problems with this statement. First, is the "AMPI has told us" remark. EHS should know how their vendors/contractors secure confidential information. Contractor information security must be dictated by policy and/or contract language, then audited on a regular basis. Secondly, does EHS and/or AMPI want people to believe that password protection is adequate?
As with any such occurrence, we have reviewed this situation as an opportunity to evaluate current practices, policies and procedures.
[Evan] You don't need a breach to open an opportunity for improvement. Constant improvement should be built into the information security program from the beginning.
If EHS is informed of any new information related to this security incident by AMPI, EHS will contact you and update you.
Please accept my apologies for any inconvenience this may have caused you.
If you require any additional information or assistance, please feel free to contact me.
Katherine St. Jean RN, CPC, CMAS
Director of Compliance/Corporate Compliance Officer
Elliot Health System
Compliance Dcparttnent
4 Elliot Way
Suite 303
Manchester, NH 03103
-phone
Commentary:
This is just a short and quick breach notification without much detail. Feel free to comment.
Past Breaches:
Unknown
Date Reported:3/3/08
Organization:
The Elliot Health System (EHS)
Contractor/Consultant/Branch:
Advanced Medical Partners, Inc.
Victims:
Patients
Number Affected:
Unknown
Types of Data:
"electronic protected health information" "name, procedural dates of service at EHS, name of your insurance company and your date of birth"
Breach Description:
"A business associate of The Elliot Health System (EHS), Advanced Medical Partners, Inc. (AMPI), has recently informed us that on the evening of February 22, 2008, a thief/thieves broke into corporate headquarters, and stole ten computers. The computers contained electronic protected health information and could potentially include your name, procedural dates of service at EHS, name of your insurance company and your date of birth"
Reference URL:
The New Hampshire State Attorney General breach notification
Report Credit:
The New Hampshire State Attorney General
Response:
From the online source cited above:
A business associate of The Elliot Health System (EHS), Advanced Medical Partners, Inc. (AMPI), has recently informed us that on the evening of February 22, 2008, a thief/thieves broke into corporate headquarters, and stole ten computers.
[Evan] Is this the same Advance Medical Partners that was recently acquired HealthTronics?
The computers contained electronic protected health information and could potentially include your name, procedural dates of service at EHS, name of your insurance company and your date of birth
AMPI has told us that these computers have safeguards in place, including password protection, to guard against access to this information.
[Evan] Really? I have two primary problems with this statement. First, is the "AMPI has told us" remark. EHS should know how their vendors/contractors secure confidential information. Contractor information security must be dictated by policy and/or contract language, then audited on a regular basis. Secondly, does EHS and/or AMPI want people to believe that password protection is adequate?
As with any such occurrence, we have reviewed this situation as an opportunity to evaluate current practices, policies and procedures.
[Evan] You don't need a breach to open an opportunity for improvement. Constant improvement should be built into the information security program from the beginning.
If EHS is informed of any new information related to this security incident by AMPI, EHS will contact you and update you.
Please accept my apologies for any inconvenience this may have caused you.
If you require any additional information or assistance, please feel free to contact me.
Katherine St. Jean RN, CPC, CMAS
Director of Compliance/Corporate Compliance Officer
Elliot Health System
Compliance Dcparttnent
4 Elliot Way
Suite 303
Manchester, NH 03103
-phone
Commentary:
This is just a short and quick breach notification without much detail. Feel free to comment.
Past Breaches:
Unknown
Posted by Evan Francen at 4/16/2008 10:53 AM 
Categories: Advanced Medical Partners, Stolen Computer, Elliot Health System
Categories: Advanced Medical Partners, Stolen Computer, Elliot Health System
Posts Atom 1.0
Comments