Maine cites hospital for data breach (updated)
It’s not often that we learn of any really serious consequences to hospitals that have suffered a data breach, but a previously reported breach has contributed to problems for Down East Community Hospital in Maine. Eric Russell of the Bangor Daily News reports:
In the latest of a series of incidents, Down East Community Hospital has been disciplined by state and federal agencies for a number of serious violations within the last year.
The Maine Department of Health and Human Services recently ordered the hospital to operate on a conditional state license, an action deemed “necessary to protect the interests of the general public,” said Catherine Cobb in DHHS’s Licensing and Regulatory Services division.
Additionally, the Center for Medicare and Medicaid Services, a federal agency that oversees health care coverage at U.S. hospitals and ensures compliance with certain federal regulations, has threatened to sever ties between Down East Community Hospital and Medicare. The hospital can avoid that action if it corrects certain deficiencies within a set period of time.
One of the issues in the state’s report was data protection:
Clinical records — In November 2008, the hospital discovered that numerous confidential patient files had washed up in a nearby waterway. The documents had been stolen from the hospital, which the state determined was a breach in confidentiality. All hospital documents now must be kept in a more secure location. Dodwell said an investigation is still continuing to determine who stole the files and why.
I seriously doubt that the data breach alone would have resulted in such severe measures, but it’s nice to see states stepping up and saying that such breaches are unacceptable and that hospitals need better security or they may not maintain their license.
Update: On Feb. 13, a report was released that the hospital was now in full compliance. See the Bangor Daily News.