Wednesday, January 26, 2011

Data Breaches Double Since July

The number of entities reporting breaches of unsecured protected
health information (PHI) affecting 500 or more individuals is close to
reaching the 200 mark.

As of Tuesday, November 30, the number of entities reporting breaches
to the government's HIPAA privacy and security enforcer hit 197. The
number of entities, listed on the Office for Civil Rights (OCR) breach
notification website, has almost doubled since July, when the number
hit 107.

In the past five months, 90 new reports have surfaced, an average of
18 per month, a higher pace than the 15 per month during the first
five months after OCR launched the website.

The list is required by HITECH, the privacy subpart of the American
Recovery and Reinvestment Act of 2009, which includes greater breach
notification requirements, more public scrutiny and increased fines
for HIPAA violations.

The reporting requirement is included in the interim final rule on
breach notification, which became effective on September 23, 2009.

The breach affecting the most individuals is still AvMed, Inc. of
Florida, whose Dec. 10, 2009, breach involving a laptop affected 1.22
million individuals.

Laptops are still the number one location of breached information on
the list, accounting for 55 of the 197 reports (27.9%). Paper records
(41 reports), desktop computers (32) and portable electronic devices
(29) follow.

The top five breaches with the largest number of affected individuals are:

AvMed, Inc.
State: Florida
Approximate number of individuals affected: 1,220,000
Date of breach: Dec. 10, 2009
Type of breach: Theft
Location of breached information: Laptop

Blue Cross Blue Shield of Tennessee
State: Tennessee
Approximate number of individuals affected: 1,023,209
Date of breach: Oct. 2, 2009
Type of breach: Theft
Location of breached information: Hard drives

South Shore Hospital (MA)
State: Massachusetts
Approximate number of individuals affected: 800,000
Date of breach: Feb. 26, 2010
Type of breach: Loss
Location of breached information: Portable Electronic Device,
Electronic Medical Record, Other

Puerto Rico Department of Health
State: Puerto Rico
Approximate number of individuals affected: 400,000
Date of breach: Sept. 21, 2010
Type of breach: Unauthorized access/disclosure, hacking/IT incident
Location of breached information: Network Server

Affinity Health Plan, Inc.
State: New York
Approximate number of individuals affected: 344,579
Date of breach: Nov. 24, 2009
Type of breach: Other
Location of breached information: Other
