On Tue, Oct 11, 2011 at 1:33 PM, PeterK <[log in to unmask]> wrote:
> Nemours Reports Old Computer Backup Tapes Missing « Press Releases « Media
> WILMINGTON, DELAWARE — Three unencrypted computer backup tapes containing
> patient billing and employee payroll data have been reported missing from a
> Nemours facility in Wilmington, Delaware. The tapes were stored in a locked
> cabinet following a computer systems conversion completed in 2004. The
> and locked cabinet were reported missing on September 8, 2011
> Source: http://www.nemours.org/mediaroom/news/2011/missingtapes.html
Another clear case of they don't understand the terminology or the intended
purpose of "backup tapes".
Based on the manner in which the data was described, there were "archival
tapes", not backups... and there are tons of conflicts in the statement
"The tapes were stored in a locked cabinet following a computer systems
conversion completed in 2004. The tapes and locked cabinet were reported
missing on September 8, 2011 and are believed to have been removed on or
about August 10, 2011 during a facility remodeling project."
So they've not been accessed since 2004, which means they DEFINITELY weren't
backups- and if they were archived records of past
patients/employees/whatever, they hadn't been accessed since 2004, what data
were they using for these individuals?
"Independent security experts retained by Nemours determined that highly
specialized equipment and specific technical knowledge would be necessary to
access the information stored on these backup tapes."
But later in the story it says:
"...Nemours is taking immediate steps to strengthen its data security
practices... moving towards encrypting all computer backup tapes and moving
non-essential computer backup tapes to a secure off-site storage facility."
So if they WEREN'T encrypted, why do they feel secure in saying "specific
technical knowledge would be necessary to access the information"? And
again, they're misusing 'backup' to describe these- if it's non-essential
information, then it's ARCHIVED data, NOT backups. So why would they bother
moving them offsite? How would they access the information if they needed
"There are no medical records on the tapes."
Later in the story it says:
"The missing backup tapes contained information such as... name, address,
date of birth, Social Security number, insurance information, insurance
information, medical treatment information, ...."
Obviously SOMEONE isn't familiar with HIPAA as to what constitutes a medical
*Lawrence J. Medina
RIM Professional since 1972*
List archives at http://lists.ufl.edu/archives/recmgmt-l.html
Contact [log in to unmask] for assistance
To unsubscribe from this list, click the below link. If not already present, place UNSUBSCRIBE RECMGMT-L or UNSUB RECMGMT-L in the body of the message.
mailto:[log in to unmask]