The 161 patients of Dr. Mark G. Midei who are party to a malpractice suit against the cardiologist may have had their personal information compromised as a result of the security practices of a Baltimore law firm, reports Tricia Bishop.
According to the story, an employee of Baxter, Baker, Sidle, Conn & Jones, which represents Midei, lost a hard drive with back-up information, which was "taken home nightly as a security precaution in case of fire or flood, a firm spokesman said, though the portable information was not encrypted — among the most stringent security precautions that is standard practice for health professionals dealing with medical records."
The story points out that this situation may reveal a loophole in the Health Insurance Portability and Accountability Act, or HIPAA, because it doesn't specifically mention that malpractice attorneys need to safeguard data.
Data on the hard drive included patients' names, addresses and social security numbers, as well as their dates of birth and insurance information.
In Maryland, "any business that keeps electronic records containing the personal identifying information of Maryland residents to notify those residents if their information is compromised," according the identity theft unit of the state attorney general's office.