Please note that this website will be undergoing maintenance on 9/5/2010, between 12:00 AM and 3:00 AM EDT. The site may be unavailable during this time.

HHS: 68 Medical Breaches In Seven Months

New reporting requirement shows how often patients records are exposed
May 4, 2010

Sixty-eight health care organizations suffered breaches involving patient records of more than 500 people each from September 2009 through March 2010, according to the latest reports collected by the U.S. Department of Health and Human Services.

Overwhelmingly — about two-thirds of the time — the breaches occurred because of the theft of a record storage device, such as a laptop computer, according to a report by Modern Healthcare magazine on its Web site.

The federal stimulus act passed last year required health care organizations to provide notice of significant data breaches of patient records  — those involving more than 500 people. The law requires health care organizations to provide notices of those larger breaches to the people affected, to the organization’s area media, and to HHS. The federal agency posts details of those larger breaches on its Web site.

The breaches are significant because they may put affected patients at risk of identity theft.

Modern Healthcare analyzed the first 64 breaches submitted to HHS — from September 2009 through March of 2010 — and found that:

• Hospitals had the most data breaches reported to HHS, with 23 reporting breaches. Others reporting breaches: 13 health plans, 13 physicians offices, and four clinics.

• The average hospital breach affected 6,251 people; the average physician’s office breach affected 4,496.

• The median breach of all 64 reporting organizations affected 2,667 people.

• The storage device that was most often stolen was a laptop computer — 26 percent of the breaches that involved theft of a storage device involved laptops.

• Computer hackers accounted for just two of the breach incidents, or 3 percent.

The largest breach of the 64 was one of the first that happened after the new reporting requirement went into effect. BlueCross BlueShield of Tennessee has acknowledged a breach affecting at least 998,422 current and former members after 57 BlueCross BlueShield computer hard drives were stolen in early October 2009.

California, home to the first state breach-notification law, had the largest proportion of reported incidents, at 20 percent, according to the Modern Healthcare report. Texas followed with 6 percent of the incidents.

©2003-2010 Identity Theft 911, LLC. All rights reserved.

.
.