Invite a Friend

Sitemap

Home

Technology
e-Newsletter

Intelligence Unit

Special Reports

Special Events

Subscribe

Sponsored

Departments

Follow Us

Home > Technology > Tech News & Analysis

32 Large Patient Data Breaches Since September, Says OCR

Comment

RSS

News Widget

Dom Nicastro, for HealthLeaders Media, February 23, 2010

The requirement is included in the interim final rule on breach notification, which became effective on September 23, 2009.

Those regulations require:

Notice to patients alerting them to breaches "without unreasonable delay," but no later than 60 days after discovery of the breach
Notice to covered entities (CEs) by BAs when BAs discover a breach
Notice to the secretary of HHS and prominent media outlets about breaches involving more than 500 patient records
Notice to next of kin about breaches involving patients who are deceased
Notices to include what happened, the details of the unsecured PHI that was breached, steps to help mitigate harm to the patient, and the CE's response
Annual notice to the secretary of HHS 60 days before the end of the calendar year about unsecure PHI breaches involving fewer than 500 patient records

Other notable breaches posted this week include:

Blue Cross Blue Shield Association
State: District of Columbia
Business associate involved: Merkle Direct Marketing
Approximate number of individuals affected: 15,000
Date of breach: October 7, 2009
Type of breach: unauthorized access
Location of breached information: mailings

Detroit Department of Health and Wellness Promotion
State: Michigan
Approximate number of individuals affected: 10,000
Date of breach: October 22, 2009
Type of Breach: theft
portable electronic device

Universal American, Inc.
State: New York
Business associate involved: Democracy Data & Communications, LLC
Approximate number of individuals affected: 83,000
Date of breach: November 12, 2009
Type of breach: incorrect mailing
Location of breached information: postcards

Kaiser Permanente Medical Care Program
State: California
Approximate number of individuals affected: 15,500
Date of breach: November 1, 2009
Type of breach: theft
Location of breached information: portable electronic device

Goodwill Industries of Greater Grand Rapids, Inc.
State: Michigan
Approximate number of individuals affected: 10,000
Date of breach: December 15, 2009
Type of breach: theft
Location of breached information: backup tapes

Dom Nicastro is a contributing writer. He edits the Medical Records Briefings newsletter and manages the HIPAA Update Blog.

1 | 2

RSS

Archive

Be the first to make a comment

Comments are moderated. Please be patient.

CDPH Data Breach Affects 9,000 State Workers

For the second time in just over six months, officials at the California Department of Public Health have acknowledged a major breach of health and personal information from within their own agency.

Derby, CT-based Griffin Hospital reports breach of 957 patients' records

Medical information for 957 patients at Derby, CT-based Griffin Hospital was breached by a radiologist who broke into a computer archive system over a period of several weeks after he was terminated in...

CVS Works on Patient Privacy Improvements Following Fine

CVS Caremark Corp., parent company of the national's largest pharmacy chain, has implemented a chain-wide shredding program in light of the $2.25 million fine handed down in February by the Department of...

Continuing Education: HIPAA Privacy and Security: Executive, Administrative, and Corporate Staff

This course explains the HIPAA privacy and security rules that are relevant to the executive, administrative, and corporate staff. It also addresses the HIPAA Omnibus Rule, the HITECH Act...

go to complete list