Invite a Friend

Sitemap

Home

Technology
e-Newsletter

Intelligence Unit

Special Reports

Special Events

Subscribe

Sponsored

Departments

Follow Us

Home > Technology > Tech News & Analysis

Large Patient Information Breaches Pass Century Mark

Comment

RSS

News Widget

Dom Nicastro, for HealthLeaders Media, July 6, 2010

Of the 107 breaches of unsecured PHI, 20 involve business associates (BAs), or nearly one out of every five. HITECH requires BAs to comply with the HIPAA Security Rule and the use and disclosures provision of the privacy rule.

For each entity, OCR lists the location of the breached information, and laptops took the top spot with an appearance in 34 of the 107 breaches (32%). “Paper records” is listed in 22 breaches, and “portable device” in 11 breaches.

Eleven of the entities on the website are listed as “private practice.” OCR has told HealthLeaders Media it will begin posting the names of entities they consider “individuals” regardless of whether or not those entities give consent; the Privacy Act of 1974 offers that “consent” protection. But OCR requested that not be applied here.

The breach affecting the most individuals is AvMed, Inc. of Florida, whose Dec. 10, 2009, breach involving a laptop affected 1.22 million individuals.

Filling out the top five breaches with the largest number of affected individuals are:

AvMed, Inc.
State: Florida

Approximate number of individuals affected: 1,220,000
Date of breach: Dec. 10, 2009
Type of breach: Theft
Location of beached information: Laptop

Blue Cross Blue Shield of Tennessee
State: Tennessee
Approximate number of individuals affected: 998,442
Date of breach: Oct. 2, 2009
Type of breach: Theft
Location of breached information: Hard drives

WellPoint, Inc.
State: Indiana
Approximate number of individuals affected: 480,000
Date of breach: (OCR says Nov. 3, 2010)
Type of Breach: Hacking/IT Incident
Location of Breached Information: Network Server

Affinity Health Plan, Inc.
State: New York
Approximate number of individuals affected: 344,579
Date of breach: Nov. 24, 2009
Type of breach: Other
Location of breached information: Other

Emergency Healthcare Physicians, Ltd.
State: Illinois
Business associate involved: Millennium Medical Management Resources, Inc.
Approximate number of individuals affected: 180,111
Date of breach: Feb. 27, 2010
Type of breach: Theft
Location of breached information: Portable electronic device, other

Dom Nicastro is a contributing writer. He edits the Medical Records Briefings newsletter and manages the HIPAA Update Blog.

1 | 2

RSS

Archive

Be the first to make a comment

Comments are moderated. Please be patient.

Top Democrats reject new plan to cut Medicare spending

Leading Congressional Democrats immediately recoiled Tuesday from a new proposal to cut $600 billion in Medicare spending over the next decade -- in part by raising the eligibility age. Sens. Joseph I...

AAMI: Meaningful use rewards early interoperability adopters

Evaluating hospital networks, data, drivers and device types should be completed before embarking on an interoperability strategy, said Bridget A. Moorman of BMoorman Consulting at the Association for the...

Opinion: HSAs lucrative for insurers, costly for consumers

In its ongoing attempt to weaken a key provision of the healthcare reform law -- the one that requires insurers to spend at least 80% of premiums on medical care -- the insurance industry is predicting dire...

Book: The Hospital Executive's Guide to Emergency Department Management

With 50-70 percent of hospital admissions coming through the emergency department, it’s the key driver of profitability for your hospital--and where community opinion about your...

go to complete list