HIPAA Auditor Involved in Own Data Breach
The company hired by the Office for Civil Rights (OCR) to conduct nationwide HIPAA privacy and security compliance audits was responsible for a breach that includes the loss of an unencrypted flash drive and affects more than 4,500 patient records.
OCR’s request for audit proposals came in February 2011, about eight months after KPMG, LLP, reported its breach to the New Jersey healthcare system.
KPMG, which won OCR’s $9.2 million contract for HITECH-required HIPAA audits in June 2011, told the Saint Barnabas Health Care System of West Orange, NJ, in June 2010 that a KPMG employee lost an unencrypted flash drive that may have contained a list with some patient names and information about their care, Saint Barnabas reported on its website.
The potential breach affected individuals at two facilities—3,630 patients at Saint Barnabas Medical Center in Livingston, NJ, and 956 patients at Newark Beth Israel Medical Center in Newark, NJ—according to a report on the OCR breach notification website. The website lists entities reporting breaches affecting 500 or more individuals, a HITECH requirement that went live in February 2010.
The flash drive did not include patient addresses, Social Security numbers, personal identification numbers, dates of birth, financial information, or other identifiable information, according to the report on the Saint Barnabas website.
KPMG reported the matter to the New Jersey healthcare system June 29, 2010. KPMG believes the flash drive was misplaced on or about May 10, 2010, according to Saint Barnabas.
- Half of All Primary Care, Internal Medicine Jobs Unfilled in 2013
- How Digital Strategy Shapes Patient Engagement at Boston Children's Hospital
- CFO Exchange: Smartphones Poised to Disrupt Healthcare, Says Topol
- CNO on Hospital Redesign: 'You Can't Over-Communicate'
- Carondelet to Pay $35M to Settle Fraud Allegations
- Some Cancer Hospitals' Quality Data Will Soon Be Public
- PA Ranks See 'Phenomenal Growth,' Lack of Diversity
- CA Powers Up $80M HIE to 'Create Value in the Data'
- Consumerism Drives Healthcare Branding, Rebranding Efforts
- 3 Traits Personality Assessments Can't Reveal