Technology
e-Newsletter
Intelligence Unit Special Reports Special Events Subscribe Sponsored Departments Follow Us

Twitter Facebook LinkedIn RSS

Private Practices Revealed On Patient Breach Website

Dom Nicastro, for HealthLeaders Media, July 13, 2010

As long as information qualifies as a "routine use," then that information can be made public without an individual's consent. As soon as the 40-day comment period on the April 13 Federal Register notice was up, OCR had the carte blanche to post names of "private practices."

As of July 6, the OCR website listed 107 entities, including 11 as "private practice." Today, the number is still 107, but none have the "private practice" mask.

Ruelas, the Maryvale director of compliance and risk management in Arizona, sent HealthLeaders Media a report listing the former "private practices" who reported breaches to OCR:

  • Daniel J. Sigmund, MD PC, Stoughton, MA: Dec. 11, 2009; 1,860 affected individuals; theft; portable electronic device; medical record
  • David I. Cohen, MD, Torrance, CA: Sept. 27, 2009; 857 affected individuals; theft, unauthorized access; desktop computer
  • Ernest T Bice Jr., DDS PA, San Antonio, Texas: Feb. 20, 2010; 21,000 affected individuals; theft, portable electronic device, other
  • Heriberto Rodriguez ? Ayala, MD, McAllen, Texas: April 3, 2010; 4,200 affected individuals; theft, laptop
  • Joseph F. Lopez, MD, Torrance, CA: Sept. 27, 2009; 952 individuals affected; theft, unauthorized access; desktop computer
  • Keith W. Mann, DDS PLLC, Wilmington, NC: Dec. 8, 2009; 2,000 individuals affected; hacking/IT incident; computer, network server, electronic medical record
  • L. Douglas Carlson, MD, Torrance, CA: Sept. 27, 2009; 5,257 affected individuals; theft, unauthorized access; desktop computer
  • Mark D. Lurie, MD, Torrance, CA: Sept. 27, 2009; 5,166 affected individuals; theft, unauthorized access; desktop computer
  • Mary M. Desch, MD, Arizona: May 15, 2010; 5,893 individuals affected; theft; laptop
  • Michele Del Vicario, MD, Torrance, CA: Sept. 27, 2009; 6,145 affected individuals; theft, unauthorized access; desktop computer
  • Nihal Saran, MD, Michigan: May 2, 2010; 2,300 individuals affected; theft; laptop

According to the original OCR breach notification website, which is still live, the source of the breaches in Torrance, CA, was a desktop computer where information was accessed without authorization. They are each listed on the same date but with different practitioners and varying numbers of affected individuals.

"If one goal is for those leading the HITECH Act enforcement efforts at the federal level is to be more transparent to the public with respect to information related to reported breaches," Ruelas says, "this new website with its identification of previously masked covered entities is a tangible step in this direction."


Dom Nicastro is a contributing writer. He edits the Medical Records Briefings newsletter and manages the HIPAA Update Blog.

Comments are moderated. Please be patient.