University of Miami Health System - 10/02/2014

The University of Miami Health System (UHealth) notified patients of a data breach when an offsite storage vendor communicated that the records could not be located. The Health System, which is one of the largest health providers in Southern Florida, discovered the breach on June 27, 2013. They have just recently begun notifying patients of the breach.The information in the missing files included patient names, dates of birth, physician names, insurance company names, medical record names, facility visited, procedures, diagnostic codes, and Social Security numbers. More Information: http://blogs.miaminewtimes.com/riptide/2014/02/security_breach_at_jackso...UPDATE (8/26/2014): The University of Miami Health System has agreed to a class-action settlement for the data breach that occurred in 2013 when records went missing from an offsite storage facility the medical system used. Under the settlement agreement, the UHealth will be required to conduct various risk assessments, remediate any identified problems, and ensure vendors have adequate security controls in place. The agreement states that the university will pay $100,000 in individual claims, $90,000 in attorneys’ fees, and $1,500 to the named plaintiff that initiated the lawsuite. Both parties have asked the federal district court to approve the recently-filed proposed settlement agreement.  http://www.phiprivacy.net/wp-content/uploads/Carsten_proposedsettlement.pdf