Private Practices Revealed On Patient Breach Website
As long as information qualifies as a "routine use," then that information can be made public without an individual's consent. As soon as the 40-day comment period on the April 13 Federal Register notice was up, OCR had the carte blanche to post names of "private practices."
As of July 6, the OCR website listed 107 entities, including 11 as "private practice." Today, the number is still 107, but none have the "private practice" mask.
Ruelas, the Maryvale director of compliance and risk management in Arizona, sent HealthLeaders Media a report listing the former "private practices" who reported breaches to OCR:
- Daniel J. Sigmund, MD PC, Stoughton, MA: Dec. 11, 2009; 1,860 affected individuals; theft; portable electronic device; medical record
- David I. Cohen, MD, Torrance, CA: Sept. 27, 2009; 857 affected individuals; theft, unauthorized access; desktop computer
- Ernest T Bice Jr., DDS PA, San Antonio, Texas: Feb. 20, 2010; 21,000 affected individuals; theft, portable electronic device, other
- Heriberto Rodriguez ? Ayala, MD, McAllen, Texas: April 3, 2010; 4,200 affected individuals; theft, laptop
- Joseph F. Lopez, MD, Torrance, CA: Sept. 27, 2009; 952 individuals affected; theft, unauthorized access; desktop computer
- Keith W. Mann, DDS PLLC, Wilmington, NC: Dec. 8, 2009; 2,000 individuals affected; hacking/IT incident; computer, network server, electronic medical record
- L. Douglas Carlson, MD, Torrance, CA: Sept. 27, 2009; 5,257 affected individuals; theft, unauthorized access; desktop computer
- Mark D. Lurie, MD, Torrance, CA: Sept. 27, 2009; 5,166 affected individuals; theft, unauthorized access; desktop computer
- Mary M. Desch, MD, Arizona: May 15, 2010; 5,893 individuals affected; theft; laptop
- Michele Del Vicario, MD, Torrance, CA: Sept. 27, 2009; 6,145 affected individuals; theft, unauthorized access; desktop computer
- Nihal Saran, MD, Michigan: May 2, 2010; 2,300 individuals affected; theft; laptop
According to the original OCR breach notification website, which is still live, the source of the breaches in Torrance, CA, was a desktop computer where information was accessed without authorization. They are each listed on the same date but with different practitioners and varying numbers of affected individuals.
"If one goal is for those leading the HITECH Act enforcement efforts at the federal level is to be more transparent to the public with respect to information related to reported breaches," Ruelas says, "this new website with its identification of previously masked covered entities is a tangible step in this direction."
Dom Nicastro is a contributing writer. He edits the Medical Records Briefings newsletter and manages the HIPAA Update Blog.
- Drug Pricing 'Tantamount to Greed,' Lawmaker Says
- CVS Ramps Up Retail Clinics with Provider Affiliations
- Study Puts Spotlight on Preventing Fall-Related Injuries
- Surgical Checklists Unused in 10% of Hospitals, CMS Data Shows
- Wanted: Nurse PhDs
- The Infection-Busting Treatment Payers Don’t Want to Talk About
- Contradictory Obamacare Rulings Issued by Appellate Courts
- 4 Tectonic Shifts Shaking Up Healthcare
- As HIPAA Breaches Accelerate, Tools Lag
- Doctors Feel Pressure to Accept Risk-based Reimbursement