The 161 patients of Dr. Mark G. Midei who are party to a malpractice suit against the cardiologist may have had their personal information compromised as a result of the security practices of a Baltimore law firm, reports Tricia Bishop.
According to the story, an employee of Baxter, Baker, Sidle, Conn & Jones, which represents Midei, lost a hard drive with back-up information, which was "taken home nightly as a security precaution in case of fire or flood, a firm spokesman said, though the portable information was not encrypted — among the most stringent security precautions that is standard practice for health professionals dealing with medical records."
The story points out that this situation may reveal a loophole in the Health Insurance Portability and Accountability Act, or HIPAA, because it doesn't specifically mention that malpractice attorneys need to safeguard data.
Data on the hard drive included patients' names, addresses and social security numbers, as well as their dates of birth and insurance information.
In Maryland, "any business that keeps electronic records containing the personal identifying information of Maryland residents to notify those residents if their information is compromised," according the identity theft unit of the state attorney general's office.
Lawyer's office loses hard drive with patient information: Naughty Business of the Week
We've upgraded our reader commenting system. Learn more about the new features.
The Baltimore Sun encourages civil dialogue related to our stories; you must register and log-in to our site in order to participate. We reserve the right to remove any user and to delete comments that violate our Terms of Service. By commenting, you agree to these terms. Please flag inappropriate comments.