In the news: Privacy breaches and de-identification
- According to LA Weekly, Huping Zhou, a former employee at the UCLA Healthcare System, pleaded guilty to federal charges of breaches of patient privacy. Zhou, 48, accessed the UCLA patient records system 323 times during the three-week period, mostly looking for the files of celebrities, after being let go by the hospital. Names of targeted celebrities have not been revealed. This case follows a similar breach at UCLA Medical Center, when Lawanda Jackson, a former nurse at the Center, plead guilty to wrongfully accessing information of Britney Spears and Farrah Fawcett.
- Delaware Online reports about a new unfortunate trend in medical identity theft -- searching for copies of discarded prescriptions: "In the latest crime trend to hit Delaware, police are reporting that people looking for drugs such as Oxycontin and Vicodin are stalking customers who throw away prescription bags containing paperwork with details about their pills and themselves. They use the personal information to call in prescriptions and charge them to the victims' insurance. Then they turn around and sell the drugs." According to Bruce DiVincenzo, chief agent of Delaware's Office of Narcotics and Dangerous Drugs:
They're making their own scripts by ordering paper from the Internet," he said. "It's the patient's name that they want, because that person is actively listed as a customer of the pharmacy and will not raise suspicion."
Pharmacies like CVS and Happy Harry's (a subsidiary of Walgreens) take certain precautions to prevent such identity theft, including checking ID's before filling prescriptions and reminding customers to be careful with their receipts and copies of prescriptions.
- According to Washington Technology, HHS is looking for a contractor to research the effectiveness of "de-identifying" PHI:
Under this new contract, HHS will research re-identifying the data and matching it to a specific individual.
'The contractor shall take one or more HIPAA Privacy Rule de-identified data sets and, using methods and technologies that exclude 'brute force' matching, demonstrate the ability or inability to re-identify the data,' the notice states.
The re-identification must be an accurate and unambiguous match to an individual.
"Former UCLA Health Worker Pleads Guilty To Accessing Celebrities' Medical Records," LA Weekly (January 8, 2010).
"Delaware crime: Trash-picking identity theft targets pharmacy customers," Delaware Online (January 6, 2009).
"HHS wants contractor to test privacy of 'anonymous' data," Washington Technology (January 5, 2010).
