32 Large Patient Data Breaches Since September, Says OCR
OCR posted on its Web site a list of covered entities this week that have reported breaches of unsecured PHI affecting more than 500 individuals, fulfilling its obligation under HITECH.
The HHS organization, which oversees enforcement and compliance of the HIPAA privacy and security rules, reports that since September 22, 2009, 32 covered entities have reported breaches that affected at least 500 individuals.
In the cases where a business associate (BA) is involved, OCR lists those organizations as well. OCR reports that among the 32 breaches of 500 or more, seven included BAs. OCR cited one of the BAs by name -- Rick Lawson of Professional Computer Services. That reported breach, in Wilmington, NC, involved 2,000 individuals and was the result of a hacker, according to OCR.
The most egregious breach case came from Blue Cross Blue Shield of Tennessee, which affected 500,000 as a result of stolen hard drives, OCR reported on its Web site.
Following Blue Cross Blue Shield is AvMed, Inc., a Gainesville, FL, health plan. That reported breach occurred on December 10, 2009 and affected 359,000 individuals, according to the post on the OCR site. It resulted from a stolen laptop.
HITECH requires OCR to make public any breaches of 500 or more. OCR says on the site it will continue to update the page as it receives new reports of breaches of unsecured PHI.
- CFO Exchange: Smartphones Poised to Disrupt Healthcare, Says Topol
- Consumerism Drives Healthcare Branding, Rebranding Efforts
- PA Ranks See 'Phenomenal Growth,' Lack of Diversity
- CNO on Hospital Redesign: 'You Can't Over-Communicate'
- How Digital Strategy Shapes Patient Engagement at Boston Children's Hospital
- 3 Traits Personality Assessments Can't Reveal
- Antibiotic Overuse a 'Huge Threat' to Patient Safety, Says CDC
- Half of All Primary Care, Internal Medicine Jobs Unfilled in 2013
- Carondelet to Pay $35M to Settle Fraud Allegations
- CHS Hacked, 4.5M Patient Records Compromised