Subcontractor Responsible for Clinic Breach
DATA LOSS—U.S.February 5, 2013
Wisconsin’s River Falls Medical Clinic has notified 2,400 clients of a data breach after a subcontractor stole patient records in 2012, HealthIT Security reports. River Falls Police found health records at the suspect’s home. They included Social Security numbers, names, dates of birth and billing account information. The subcontractor was working as a cleaning service employee and stole the records from clinic bins headed for the shredder. The clinic says only clinic employees and the shredding company should have had access to the documents. The Department of Health and Human Services’ new HIPAA rules contain language with specific requirements on subcontractors. Editor’s Note: The breakout session Lessons Learned from OCR Privacy and Security Audits will be part of the IAPP Global Privacy Summit this March. And PricewaterhouseCoopers (PwC) will be hosting a daylong preconference workshop dedicated to healthcare privacy’s key themes. Details on PwC’s daylong session are forthcoming.