Today's compliance deadline - Enforcement of the HITECH/HIPAA data breach notification rule
February and March are just full of significant deadlines for privacy/security reporting and compliance.
Today is the day that the Health & Human Services Office of Civil Rights begins to enforce the HITECH/HIPAA data breach notification rule. To "celebrate" the occasion, the agency publicly posted the first list of reported breaches affecting 500 or more individuals. The list is available on the HHS’ website, but I thought I would post them here. Reasonably instructive…..see any trends??
Breaches Affecting 500 or More Individuals
As required by section 13402(e)(4) of the HITECH Act, the Secretary must post a list of breaches of unsecured protected health information affecting 500 or more individuals. The following breaches have been reported to the Secretary.
The Methodist Hospital
State:
Texas
Approx. # of Individuals Affected:
689
Date of Breach:
1/18/10
Type of Breach:
Theft
Location of Breached Information:
Computer
Carle Clinic Association
State:
Illinois
Approx. # of Individuals Affected:
1,300
Date of Breach:
1/13/10
Type of Breach:
Theft
Location of Breached Information:
Paper Records and Films
Ashley and Gray DDS
State:
Missouri
Approx. # of Individuals Affected:
9,309
Date of Breach:
1/10/10
Type of Breach:
Theft
Location of Breached Information:
Desktop Computer
Educators Mutual Insurance Association of Utah
State:
Utah
Business Associate Involved:
Health Behavior Innovations
Approx. # of Individuals Affected:
5,700
Date of Breach:
12/27/09
Type of Breach:
Theft
Location of Breached Information:
CDs
Goodwill Industries of Greater Grand Rapids, Inc.
State:
Michigan
Approx. # of Individuals Affected:
10,000
Date of Breach:
12/15/09
Type of Breach:
Theft
Location of Breached Information:
Backup Tapes
Private Practice
City and State:
Stoughton, MA
Approx. # of Individuals Affected:
1,860
Date of Breach:
12/11/09
Type of Breach:
Theft
Location of Breached Information:
Portable Electronic Device/Electronic Medical Record
AvMed, Inc.
State:
Florida
Approx. # of Individuals Affected:
359,000
Date of Breach:
12/10/09
Type of Breach:
Theft
Location of Breached Information:
Laptop
Blue Island Radiology Consultants
State:
Illinois
Business Associate Involved:
United Micro Data
Approx. # of Individuals Affected:
2,562
Date of Breach:
12/09/09
Type of Breach:
Loss
Location of Breached Information:
Backup Tapes
Private Practice
City and State:
Wilmington, NC
Business Associate Involved:
Rick Lawson, Professional Computer Services
Approx. # of Individuals Affected:
2,000
Date of Breach:
12/08/09
Type of Breach:
Hacking/IT Incident
Location of Breached Information:
Computer/Network Server/Electronic Medical Record
Kaiser Permanente Medical Care Program
State:
California
Approx. # of Individuals Affected:
15,500
Date of Breach:
12/01/09
Type of Breach:
Theft
Location of Breached Information:
Portable Electronic Device
University of California, San Francisco
State:
California
Approx. # of Individuals Affected:
7,300
Date of Breach:
11/30/09
Type of Breach:
Theft
Location of Breached Information:
Laptop
Detroit Department of Health and Wellness Promotion
State:
Michigan
Approx. # of Individuals Affected:
646
Date of Breach:
11/26/09
Type of Breach:
Theft
Location of Breached Information:
Laptop, Desktop Computer
Advocate Health Care
State:
Illinois
Approx. # of Individuals Affected:
812
Date of Breach:
11/24/09
Type of Breach:
Theft
Location of Breached Information:
Laptop
Concentra
State:
Texas
Approx. # of Individuals Affected:
900
Date of Breach:
11/19/09
Type of Breach:
Theft
Location of Breached Information:
Laptop
Children's Medical Center of Dallas
State:
Texas
Approx. # of Individuals Affected:
3,800
Date of Breach:
11/19/09
Type of Breach:
Loss
Location of Breached Information:
Portable Electronic Device
Universal American, Inc.
State:
New York
Business Associate Involved:
Democracy Data & Communications, LLC
Approx. # of Individuals Affected:
83,000
Date of Breach:
11/12/09
Type of Breach:
Incorrect Mailing
Location of Breached Information:
Postcards
Massachusetts Eye and Ear Infirmary
State:
Massachusetts
Approx. # of Individuals Affected:
1,076
Date of Breach:
11/10/09
Type of Breach:
Theft
Location of Breached Information:
Other
Kern Medical Center
State:
California
Approx. # of Individuals Affected:
596
Date of Breach:
10/31/09
Type of Breach:
Theft
Location of Breached Information:
Paper Records
Blue Cross Blue Shield Association
State:
District of Columbia
Business Associate Involved:
Service Benefits Plan Administrative Services Corp.
Approx. # of Individuals Affected:
3,400
Date of Breach:
10/26/09
Type of Breach:
Unauthorized Access
Location of Breached Information:
Mailings
Detroit Department of Health and Wellness Promotion
State:
Michigan
Approx. # of Individuals Affected:
10,000
Date of Breach:
10/22/09
Type of Breach:
Theft
Location of Breached Information:
Portable Electronic Device
The Children's Hospital of Philadelphia
State:
Pennsylvania
Approx. # of Individuals Affected:
943
Date of Breach:
10/20/09
Type of Breach:
Theft
Location of Breached Information:
Laptop
Public Employee Health Insurance Plan (Kentucky Employees' Health Plan)
State:
Kentucky
Approx. # of Individuals Affected:
676
Date of Breach:
10/20/09
Type of Breach:
Misdirected E-mail
Location of Breached Information:
E-mail
Brooke Army Medical Center
State:
Texas
Approx. # of Individuals Affected:
1,000
Date of Breach:
10/16/09
Type of Breach:
Theft
Location of Breached Information:
Paper Records
Alaska Department of Health and Social Services
State:
Alaska
Approx. # of Individuals Affected:
501
Date of Breach:
10/12/09
Type of Breach:
Theft
Location of Breached Information:
Portable USB Device
Cogent Healthcare of Wisconsin, S.C.
State:
Tennessee
Business Associate Involved:
Cogent Healthcare, Inc.
Approx. # of Individuals Affected:
6,400
Date of Breach:
10/11/09
Type of Breach:
Theft
Location of Breached Information:
Laptop
Health Services for Children with Special Needs, Inc.
State:
District of Columbia
Approx. # of Individuals Affected:
3,800
Date of Breach:
10/09/09
Type of Breach:
Loss
Location of Bre
ached Information:
Laptop
Blue Cross Blue Shield Association
State:
District of Columbia
Business Associate Involved:
Merkle Direct Marketing
Approx. # of Individuals Affected:
15,000
Date of Breach:
10/07/09
Type of Breach:
Unauthorized Access
Location of Breached Information:
Mailings
Blue Cross Blue Shield of Tennessee
State:
Tennessee
Approx. # of Individuals Affected:
500,000
Date of Breach:
10/02/09
Type of Breach:
Theft
Location of Breached Information:
Hard Drives
City of Hope National Medical Center
State:
California
Approx. # of Individuals Affected:
5,900
Date of Breach:
9/27/09
Type of Breach:
Theft
Location of Breached Information:
Laptop
Private Practice
City and State:
Torrance, CA
Approx. # of Individuals Affected:
6,145
Date of Breach:
9/27/09
Type of Breach:
Theft, Unauthorized Access
Location of Breached Information:
Desktop Computer
Private Practice
City and State:
Torrance, CA
Approx. # of Individuals Affected:
5,166
Date of Breach:
9/27/09
Type of Breach:
Theft, Unauthorized Access
Location of Breached Information:
Desktop Computer
Private Practice
City and State:
Torrance, CA
Approx. # of Individuals Affected:
5,257
Date of Breach:
9/27/09
Type of Breach:
Theft, Unauthorized Access
Location of Breached Information:
Desktop Computer
Private Practice
City and State:
Torrance, CA
Approx. # of Individuals Affected:
857
Date of Breach:
9/27/09
Type of Breach:
Theft, Unauthorized Access
Location of Breached Information:
Desktop Computer
Private Practice
City and State:
Torrance, CA
Approx. # of Individuals Affected:
952
Date of Breach:
9/27/09
Type of Breach:
Theft, Unauthorized Access
Location of Breached Information:
Desktop Computer
University of California, San Francisco
State:
California
Approx. # of Individuals Affected:
610
Date of Breach:
9/22/09
Type of Breach:
Phishing Scam
Location of Breached Information:
Email
Mid America Kidney Stone Association, LLC
State:
Missouri
Approx. # of Individuals Affected:
1,000
Date of Breach:
9/22/09
Type of Breach:
Theft
Location of Breached Information:
Network Server