Privacy. Marilyn Prosch, Ph.D., CIPP, Arizona State University, W.P. Carey School of Business, Department of Information Systems; Member, AICPA/CICA Privacy Task Force. IS PRIVACY REALLY ALL THAT BIG OF A PROBLEM? Data Breaches: Where is the Horse?
Some of the reported incidents that have recently occurred.
Manhattan Veteran's Affairs Medical Center & New York Harbor Health Care System
St. Rita's Medical Center
Swedish Medical Center
Univ. Calif. Irvine Medical Center
Sisters of St. Francis Health Services
via Advanced Receivables Strategy
Baystate Medical Center
DCH Health Systems
Baylor Health Care System Inc.
Mercy Medical Center
Cedars-Sinai Medical Center
Group Health Cooperative Health Care System
Southwest Medical Association
Johns Hopkins Hospital
Allina Hospitals and Clinics
CBIZ Medical Management Professionals
Prudential Financial Inc.
Wuesthoff Medical Center
DePaul Medical Center
Beacon Medical Services
Massachusetts General Hospital
Seton Healthcare Network
University of Pittsburgh Medical Center
Christus Health Care
Kaiser Medical Center
St. Anthony Central Hospital
& Veteran's Affairs Medical Center
Blue Cross/Blue Shield
Akron Children's Hospital
Emory University Hospital, Emory Crawford Long Hospital, Grady Memorial Hospital, Geisinger Health System, Williamson Medical Center via Electronic Registry Systems
Back and Joint Institute of Texas
Gulf Coast Medical Center
Jacobs Neurological Institute
Erlanger Health System
Parkland Memorial Hospital
Palo Alto Medical Foundation
Blue Cross Blue Shield
Health Resources, Inc.
Moses Cone Hospital
Kanawha-Charleston Health Dept.
South County Hospital
Kaiser Permanente Colorado
Harris County Hospital
Providence Alaska Medical Center
Swedish Urology Group
via billing company Med Data
Intermountain Health Care
Gundersen Lutheran Medical Center
Catskill Regional Medical Center
New Hampshire Dept. of HS
St. Mary's Hospital, MD
North Carolina Dept. of HHS
St. Vincent Hospital
Sky Lakes Medical Center
via Verus Inc
Mary Washington Hospital
Wellpoint's Empire Blue Cross/Blue Shield NY
Grady Memorial Hospital
Segal Group of New York
via web site of Vermont agency
New Hampshire's Lakes Region General Hospital
Peninsula Orthopaedic Associates
Healing Hands Chiropractic
Georgia Dept. of Community Health
A Blackberry containing patient information was stolen from the hospital. The Blackberry contained an email message that included patient information, such as Social Security numbers, dates of birth and medical histories. 3,200 people affected
Laptop stolen from an employee's car. 14,000 people affected
Laptop stolen from an employee's car. 9,300 people affected
Office broken into and computer stolen. Unknown number of people affected
Office broken into and laptop stolen. 1,000 people affected
Tapes stolen while in transit. 100,000 people affected
Paper-based records left on a train by an employee. 56 people affected
Child welfare worker's records ended up with a local TV station. The files, which included names, Social Security numbers, contact information and details on child abuse investigations, reportedly were left behind when a DHS worker was evicted from a rent house.
Paper-based records stolen from an employee's car. 242 people affected
Records posted on the Internet. The records appeared on a Web site, visvabpo.com, which was a defunct company in India. 1,000 people affected
Documents, such as labels from prescription bottles and old prescriptions, in unsecured dumpsters. Unknown number of people affected
A woman was fired for allegedly spying. The employee had access to company files. 431 people affected
Medical records were improperly disposed of when left in a dumpster behind the office.
Getting the Horse Back in the Barn
…of personal information.
2. Notice: The entity provides notice about its privacy policies and procedures and identifies the purposes for which personal information is collected, used, retained, and disclosed.
3. Choice and Consent: The entity describes the choices available to the individual and obtains implicit or explicit consent with respect to the collection, use, retention, and disclosure of personal information.
4. Collection: The entity collects personal information only for the purposes identified in the notice.
5. Use and Retention: The entity limits the use of personal information to the purposes identified in the notice and for which the individual has provided implicit or explicit consent. The entity retains personal information for only as long as necessary to fulfill the stated purposes.
What are the Principles?
7. Disclosure: The entity discloses personal information to third parties only for the purposes identified in the notice and with the implicit or explicit consent of the individual.
8. Security for Privacy: The entity protects personal information against unauthorized access (both physical and logical).
9. Quality: The entity maintains accurate, complete, and relevant personal information for the purposes identified in the notice.
10. Monitoring and Enforcement: The entity monitors compliance with its privacy policies and procedures and has procedures to address privacy-related complaints and disputes.
With Privacy Policies