The Canadian Privacy Law Blog: Developments in privacy law and writings of a Canadian privacy lawyer, containing information related to the Personal Information Protection and Electronic Documents Act (aka PIPEDA) and other Canadian and international laws.

Search this blog

Recent Posts

On Twitter

About this page and the author

The author of this blog, David T.S. Fraser, is a Canadian privacy lawyer who practices with the firm of McInnes Cooper. He is the author of the Physicians' Privacy Manual. He has a national and international practice advising corporations and individuals on matters related to Canadian privacy laws.

For full contact information and a brief bio, please see David's profile.

Please note that I am only able to provide legal advice to clients. I am not able to provide free legal advice. Any unsolicited information sent to David Fraser cannot be considered to be solicitor-client privileged.

David Fraser's Facebook profile

Privacy Calendar

Archives

Links

Subscribe with Bloglines

RSS Atom Feed

RSS FEED for this site

Subscribe to this Blog as a Yahoo! Group/Mailing List
Powered by groups.yahoo.com

Subscribe with Bloglines
Add to Technorati Favorites!

Blogs I Follow

Small Print

The views expressed herein are solely the author's and should not be attributed to his employer or clients. Any postings on legal issues are provided as a public service, and do not constitute solicitation or provision of legal advice. The author makes no claims, promises or guarantees about the accuracy, completeness, or adequacy of the information contained herein or linked to. Nothing herein should be used as a substitute for the advice of competent counsel.

This web site is presented for informational purposes only. These materials do not constitute legal advice and do not create a solicitor-client relationship between you and David T.S. Fraser. If you are seeking specific advice related to Canadian privacy law or PIPEDA, contact the author, David T.S. Fraser.

Sunday, September 17, 2006

Privacy breaches and outsourcing widespread among US medicare contractors 

A study by the US Government Accountability Office shows that more than 40% of contractors handling public health insurance data have experienced privacy breaches. Unfortunately, the report is unclear about the severity: one misdirected fax is different from widespread information theft, but the report treats them equally. The report also considers the extent of offshore outsourcing and its impact on privacy.

GAO: Health care privacy breaches widespread:

But the frequency and severity of the breaches is unclear

September 06, 2006 (Computerworld) -- More than 40% of U.S. Medicare contractors and state Medicaid agencies have experienced a privacy breach involving personal health information -- although the frequency or severity of the breaches remains unclear, according to report released yesterday by the U.S. Government Accountability Office (download PDF).

The GAO reviewed the role of private contractors in administering three of the nation's major public health insurance programs -- Medicare, Medicaid and the U.S. Department of Defense's Tricare program. Those agencies have medical data on more than 100 million Americans, according to the GAO.

According to the study, 47% of Medicare Advantage contractors reported privacy breaches within the past two years, as did 44% of Medicaid agencies, 42% of Medicare FFS (fee for service) contractors and 38% of the contractors for the Tricare program.

The report noted that more than 90% of Medicare contractors and state Medicaid agencies -- and 63% of Tricare contractors -- reported some level of domestic outsourcing in 2005, involving anywhere from three to 20 U.S. vendors.

In addition, some federal contractors and state Medicaid agencies knew that those domestic vendors had sent some of the work offshore, the GAO said. Thirty-three Medicare Advantage contractors, two Medicare FFS contractors and one Medicaid agency indicated that their domestic vendors transferred personal health information of U.S. citizens offshore. They did not, however, offer data about the scope of the information transferred overseas.

"Moreover, the reported extent of offshore outsourcing by vendors may be understated because many federal contractors and agencies did not know whether their domestic vendors transferred personal health information to other locations or vendors," the GAO said....

Labels: ,

Links to this post:

Create a Link

This page is powered by Blogger. Isn't yours? Creative Commons License
The Canadian Privacy Law Blog is licensed under a Creative Commons Attribution-Noncommercial-No Derivative Works 2.5 Canada License. lawyer blogs