Personal information doesn’t get much more personal than your medical history. Ensuring your medical records are secure remains a top priorty for the Federal Trade Commission as they settled their 50th data security case on Friday.
The FTC announced that GMR Transcription Services, Inc. has agreed to settle charges that its inadequate data security measures resulted in thousands of consumers’ medical transcripts being indexed by a major search engine and available publicly online.
Affected transcripts were prepared by hired contractors between March 2011 and October 2011. Some of the files contained notes from medical examination of children and information concerning psychiatric disorders, alcohol use, drug abuse and pregnancy loss.
GMR’s privacy statements and policies promised consumers that their personal information would be highly secured. However, the company did not require individual contracts to implement security measures and in one case files were stored in readable text on a server accessible online.
As part of the settlement, GMR must establish a comprehensive information security system program to protect consumers’ personal information. The program must be evaluated initially and every two years by a third-party for the next 20 years.
The charges against GMR marks the FTC’s 50th data security case since beginning the data security enforcement program 12 years ago.