Legislation To Protect Hospital Records Being Introduced - Southern Maryland Headline News

Legislation To Protect Hospital Records Being Introduced

By Senator Roy Dyson

Like me, many of you may have received an alarming letter in the mail from either St. Mary’s Hospital or Johns Hopkins University Hospital informing us that a laptop computer had been taken.

According to St. Mary’s Hospital’s letter to me, the laptop contained information including names, social security numbers and birthdates of thousands of former patients dating back to the 1980s.

St. Mary’s has notified law enforcement agencies about this potential breach of patient’s individual information. St. Mary’s Hospital has brought in National ID Recovery, LLC which specializes in managing systems in which data may have been compromised. They will work with you to monitor your information for potential identity theft. Call 1-800-836-5679 to speak to a paralegal if you wish to enroll in this free program.

St. Mary’s Hospital was right to let people who have received care there that this situation had occurred. I also appreciated St. Mary’s Hospital President and CEO Christine Wray calling my office to answer any questions I may have had about this breach of security in my official position as State Senator. Obviously, a lot of people were upset that their personal information may have been compromised and they may become victims of identity theft. It would have been easy for St. Mary’s Hospital and Johns Hopkins to cover-up this incident. Because, by law, they could have done just that.

There is no statute that required either hospital to reveal this information. For this reason, I have introduced legislation that would strengthen our identity theft laws in Maryland. This legislation would mandate that a “business” – which St. Mary’s Hospital is – protects an individual’s personal information.

When a business is destroying a customer’s records containing the customer’s personal information, the business must take all reasonable steps to destroy or arrange for the destruction of the records in a manner that makes the information unreadable or undecipherable through any mean.

A business that compiles, maintains or makes available personal information of a Maryland resident must implement and maintain reasonable and appropriate security procedures and practices to protect the personal information from unauthorized access, destruction, use, modification or disclosure.

A business that compiles, maintains or makes available records that include a Maryland resident’s personal information must notify the individual of a breath of the security of a system, if, as a result of the breach, the individual’s personal information has either been acquired by an unauthorized person or is reasonably believed to have been acquired by an unauthorized person.

Notification of a breach under this legislation may be given by written, electronic or by telephonic communication.

This notification must include description of the categories of information, including which elements of personal information, that were, or are reasonably believed to have been acquired; contact information for the business making the notification, specified contact information for the major consumer reporting agencies and specified contact and other information relation to the Federal Trade Commission and the Office of the Attorney General.

I introduced one of the first identity theft bills several years ago, but this is an ongoing problem that is difficult to keep a handle on because those who commit these crimes are always coming up with new and diabolical ways to steal people’s identities. I believe this bill is an extremely strong deterrent to this problem.


Sensitive Data Stolen From St. Mary's Hospital, February 08, 2007

Sponsored Content

Reader Comments

Featured Sponsor

The Calvert County Times
Free color newspaper on local newsstands and online every Thursday.

Follow SoMd HL News