Children's Hospital Reports Second Data Breach

Children's National Hospital has - again - been the subject of a data breach of personal health information as reported by the Washington Business Journal.

In a notice sent to patient families, the D.C. health system said the issue arose with Centreville-based Ascend Healthcare Systems. Ascend provided medical transcription services to Children's National from May 1 until June 23, 2014, when Children's ceased doing business with them.

The breach apparently stems from a third party company named "Ascend" which "inadvertently placed those files on a file transfer protocol (or FTP) site that was configured in a way that allowed access to the transcription documents from the Web."

Under the HIPAA Privacy Rule, covered entities (such as Children's National Hospital) are responsible for the privacy and security failures of these third parties, called "business associates."

This breach comes a little more than a year after Children's Hospital announced a breach that involved the loss of personal health information and financial information, including social security numbers.  Approximately 4,000 patient families have received notice of this latest breach.