32 Large Patient Data Breaches Since September, Says OCR

Dom Nicastro, for HealthLeaders Media, February 23, 2010

The requirement is included in the interim final rule on breach notification, which became effective on September 23, 2009.

Those regulations require:

  • Notice to patients alerting them to breaches "without unreasonable delay," but no later than 60 days after discovery of the breach
  • Notice to covered entities (CEs) by BAs when BAs discover a breach
  • Notice to the secretary of HHS and prominent media outlets about breaches involving more than 500 patient records
  • Notice to next of kin about breaches involving patients who are deceased
  • Notices to include what happened, the details of the unsecured PHI that was breached, steps to help mitigate harm to the patient, and the CE's response
  • Annual notice to the secretary of HHS 60 days before the end of the calendar year about unsecured PHI breaches involving fewer than 500 patient records

Other notable breaches posted this week include:

Blue Cross Blue Shield Association
State: District of Columbia
Business associate involved: Merkle Direct Marketing
Approximate number of individuals affected: 15,000
Date of breach: October 7, 2009
Type of breach: unauthorized access
Location of breached information: mailings

Detroit Department of Health and Wellness Promotion
State: Michigan
Approximate number of individuals affected: 10,000
Date of breach: October 22, 2009
Type of breach: theft
Location of breached information: portable electronic device

Universal American, Inc.
State: New York
Business associate involved: Democracy Data & Communications, LLC
Approximate number of individuals affected: 83,000
Date of breach: November 12, 2009
Type of breach: incorrect mailing
Location of breached information: postcards

Kaiser Permanente Medical Care Program
State: California
Approximate number of individuals affected: 15,500
Date of breach: November 1, 2009
Type of breach: theft
Location of breached information: portable electronic device

Goodwill Industries of Greater Grand Rapids, Inc.
State: Michigan
Approximate number of individuals affected: 10,000
Date of breach: December 15, 2009
Type of breach: theft
Location of breached information: backup tapes


Dom Nicastro is a contributing writer. He edits the Medical Records Briefings newsletter and manages the HIPAA Update Blog.
