Search Results : texas » PHIprivacy.net

Aug 282014
 

From Courthouse News:

Texas has sued fired Medicaid claims administrator Xerox for the second time in four months, claiming its failure to return client medical records exposes the state to massive federal fines for violations of privacy.

The Texas Health and Human Services Commission sued Xerox State Healthcare in Travis County Court on Tuesday.

The commission claims that on July 31, Xerox employees removed company laptops and 244 boxes of documents from its offices after the state terminated the parties’ agreement and sued.

The commission believes the information includes client names, photographs, birthdates, medical and billing records.

Read more on Courthouse News.

h/t, Joe Cadillic

Update: The state’s press release can be found here. PHIprivacy.net has emailed Xerox for a statement and will either update this entry or create a new one if and when more information becomes available.

Update 2: Xerox provided PHIprivacy.net with the following statement:

On August 1, Xerox completed the transition of the State of Texas’ Medicaid contract to a new vendor. This transition was accomplished with complete transparency and with the full knowledge and participation of the Health and Human Services Commission. The retention of property includes Xerox material such as computer monitors, televisions, human resource files, internal financial records and Xerox branded collateral and posters, while the data represents proprietary Xerox information and was retained with the State’s knowledge who declined repeated opportunities to review the material. Last month, Xerox asked the Travis County District Court to rule on our retention of this information and a court date is set for next month.

The Xerox spokesperson also kindly provided a copy of the motion they filed last month in Travis County Court, which I have uploaded here (pdf).

You get a somewhat different impression when you get both sides of the story, don’t you?

 

Jul 252014
 

AP reports the conviction of a doctor in a case previously noted on this blog:

A North Texas physician who ran a now-closed hospital near Dallas has been convicted of conspiracy, identity theft and health care fraud.

A federal jury in Tyler found Dr. Tariq Mahmood guilty Thursday of more than $1 million in fraudulent Medicare and Medicaid claims.

The Cedar Hill physician faces up to 10 years imprisonment for the conspiracy conviction, 10 years for each fraud count and two years for each identity theft count. No sentencing date has been set.

Read more on Daily Reporter, although it’s not clear from publicly available info which patients (from which facilities) had their Medicare or Medicaid numbers misused as part of the fraud and whether they were ever notified of same.

May 092014
 

So I had no sooner finished posting the Baylor phishing incident in Texas, where I questioned whether that phishing incident might be related to a successful phishing attempt involving physicians in the Franciscan Medical Group, when I discovered a third phishing incident that also occurred on January 23. This one involved the HealthTexas Provider Network and affected 2,742 patients.

HealthTexas Provider Network is part of Baylor Health, and they posted an identical notice to the one posted for Baylor Regional Medical Center at Plano.

It seems clear that the Baylor Regional Medical Center at Plano and HealthTexas Provider Network reports are linked, as they are both part of Baylor Health, but it’s not clear whether the Franciscan Health breach is linked or not.

Mar 022014
 

Ann Smajstrla of The Herald Democrat reports that Dr. J. M. Benson, whose practice is in Sherman Texas, has been notifying patients of a breach that occurred at the beginning of the year.

Office staff noticed on Jan. 5 that the office had been broken into, and that computers and one or more hard drives were stolen, the office said in a written statement. As a result, personal information of patients including names, addresses, phone numbers, Social Security numbers and health insurance provider policy numbers could have been compromised. Benson immediately reported the incident to police, and the investigation is ongoing.

Read more on The Herald Democrat. I cannot find any web site for the doctor or additional information at this time. And since there’s nothing in the media report to suggest the data were encrypted,  I am wondering why the doctor seemingly had “computers and one or more hard drives” without encryption.