Category Archives: HIPAA

Breaches Affecting 500 or More Individuals

As required by section 13402(e)(4) of the HITECH Act, the Secretary must post a list of breaches of unsecured protected health information affecting 500 or more individuals. The following breaches have been reported to the Secretary.

The Methodist Hospital

State: Texas

Approx. # of Individuals Affected: 689

Date of Breach: 1/18/10

Type of Breach: Theft

Location of Breached Information: Computer

via Breaches Affecting 500 or More Individuals.

32 Large Patient Data Breaches Since September, Says OCR

OCR posted on its Web site a list of covered entities this week that have reported breaches of unsecured PHI affecting more than 500 individuals, fulfilling its obligation under HITECH.

The HHS organization, which oversees enforcement and compliance of the HIPAA privacy and security rules, reports that since September 22, 2009, 32 covered entities have reported breaches that affected at least 500 individuals.

via 32 Large Patient Data Breaches Since September, Says OCR.

Offshore HIPAA Business Associates Pose Extra PHI Risks, but Have Incentives to Self-Regulate

As providers move to cut operational costs, many are taking their business associate (BA) dealings offshore. And while sending protected health information overseas can be a risky endeavor for patients and health care organizations, one expert says the process has built-in safeguards, including financial motivators on the BA side, which can make working with offshore business associates as safe — if not safer — than working with those in the U.S.

via Offshore HIPAA Business Associates Pose Extra PHI Risks, but Have Incentives to Self-Regulate.

Five Stumbling Blocks Hinder HIPAA Compliance

Lack of a risk analysis. Organizations either haven't conducted a risk analysis or they last conducted one in 2005, when the HIPAA rule became final, he says. A risk analysis is “the foundation for your security program,” he says. “You need that to build on.”

via Five Stumbling Blocks Hinder HIPAA Compliance.

Hacker Attacks Targeting Healthcare Organizations Doubled in the 4th Quarter of 2009 According to SecureWorks’ Data — ATLANTA, Jan. 26 /PRNewswire/ –

Attempted attacks increased from an average of 6,500 per healthcare client per day in the first nine months of 2009 to an average of 13,400 per client per day in the last three months of 2009. Attempted attacks against other types of organizations, protected by SecureWorks, did not increase in the fourth quarter.

via Hacker Attacks Targeting Healthcare Organizations Doubled in the 4th Quarter of 2009 According to SecureWorks’ Data — ATLANTA, Jan. 26 /PRNewswire/ –.

UMC admits to prolonged patient privacy leak – Tuesday, Jan. 26, 2010 | 2 a.m. – Las Vegas Sun

University Medical Center officials said Monday that personal information of traffic accident victims was likely leaked from its trauma center for more than three months, and stopped only after the Las Vegas Sun told the hospital about the breach.

via UMC admits to prolonged patient privacy leak – Tuesday, Jan. 26, 2010 | 2 a.m. – Las Vegas Sun.

Comply And/Or Die: Conforming With Multiple Regulations — Compliance — InformationWeek

… When we asked the 379 respondents to our InformationWeek Analytics survey on regulatory compliance how many requirement sets their organizations are addressing, the No. 1 answer was four or more, at 35%.

via Comply And/Or Die: Conforming With Multiple Regulations — Compliance — InformationWeek.

Connecticut goes after Health Net for breach

The state of Connecticut is suing health insurer Health Net, following a data breach that saw 446,000 Connecticut residents’ records compromised, it said yesterday.

via Infosecurity USA – Connecticut goes after Health Net for breach.

Former UCLA Healthcare System employee pleaded guilty

A former UCLA Healthcare System employee pleaded guilty today to four counts of illegally reading private and confidential medical records, mostly from celebrities and other high-profile patients.

via LawFuel – The Law News Network.

HHS wants contractor to test privacy of ‘anonymous’ data

HHS intends to hire a contractor to demonstrate either the “ability or inability” to re-identify data from a data set that has been de-identified under the Health Information Portability and Accountability Act (HIPAA) Privacy Rule

via HHS wants contractor to test privacy of ‘anonymous’ data — Federal Computer Week.