HIPAA Handbooks

  • Privacy and security training for new and seasoned staff
  • 11 staff/setting focus areas
  • Education on protecting PHI
  • New HITECH Act changes
  • Discounts on bulk purchases

More»

E-learning

  • Role-based training using real-life case scenarios
  • Test-your-knowledge exercises with remediation
  • Post-course test to document staff participation

More»

Other HIPAA Resources

  • Hot-topic audio conferences
  • Books on privacy and security
  • Newsletters
  • e-Newsletter
  • Videos


More»

Dec
02

Large data breaches double since July

Email This Post Print This Post

The number of entities reporting breaches of unsecured protected health information (PHI) affecting 500 or more individuals is close to reaching the 200 mark.

As of Tuesday, November 30, the number of entities reporting breaches to the government’s HIPAA privacy and security enforcer hit 197. The number of entities—listed on the Office for Civil Rights (OCR) breach notification website–has almost doubled since July, when the number hit 107.

In the past five months, 90 new reports have surfaced, or an average of 18 per month, a higher pace than the 15-per-month the first five months after OCR launched the website.

The list is required by HITECH, the American Recovery and Reinvestment Act of 2009 privacy subpart that includes greater breach notification requirements, more public scrutiny and increased fines for HIPAA violations.

The reporting requirement is included in the interim final rule on breach notification, which became effective on September 23, 2009.

The breach affecting the most individuals is still AvMed, Inc. of Florida, whose Dec. 10, 2009, breach involving a laptop affected 1.22 million individuals.

Laptops are still the number one location of breach information on the list, accounting for 55 of the 197 reports (27.9%). Paper records (41 reports), desktop computers (32) and portable electronic devices (29) follow.

The top five breaches with the largest number of affected individuals are:

  1. AvMed, Inc.
    State: Florida
    Approximate number of individuals affected: 1,220,000
    Date of breach: Dec. 10, 2009
    Type of breach: Theft
    Location of beached information: Laptop
  2. Blue Cross Blue Shield of Tennessee
    State: Tennessee
    Approximate number of individuals affected: 1,023,209
    Date of breach: Oct. 2, 2009
    Type of breach: Theft
    Location of breached information: Hard drives
  3. South Shore Hospital (MA)
    State: Massachusetts
    Approximate number of individuals affected: 800,000
    Date of breach: Feb. 26, 2010
    Type of Breach: Loss
    Location of Breached Information: Portable Electronic Device, Electronic Medical Record, Other
  4. Puerto Rico Department of Health
    State: Puerto Rico
    Approximate number of individuals affected: 400,000
    Date of breach: Sept. 21, 2010
    Type of Breach: Unauthorized access/disclosure, hacking/IT incident
    Location of Breached Information: Network Server
  5. Affinity Health Plan, Inc.
    State: New York
    Approximate number of individuals affected: 344,579
    Date of breach: Nov. 24, 2009
    Type of breach: Other
    Location of breached information: Other

Leave a Reply