Your data has been breached … again … this time by NY Presbyterian Hospital
Attorney General Letitia James announced a $300,000 settlement with The NewYork-Presbyterian Hospital (NYP) for its failure to safeguard patient data. The settlement follows an investigation by the Office of the Attorney General (OAG) into the hospital’s use of tracking tools on its website that disclosed visitors’ health information to third-party tech companies.
The investigation revealed that when visitors used NYP’s website to search for doctors or book appointments, their private health information was collected and shared, breaching the Health Insurance Portability and Accountability Act (HIPAA). As part of the settlement, NYP agreed to implement new policies, ensure the deletion of protected health information, and maintain enhanced privacy safeguards.
“New Yorkers searching for a doctor or medical help should be able to do so without their private information being compromised,” said Attorney General James, who has taken similar action against several entities for data breaches, including US Radiology, Personal Touch, cloud company Blackbaud, Marymount Manhattan College, and a medical management company.