Large Patient Information Breaches Pass Century Mark

Dom Nicastro, for HealthLeaders Media , July 6, 2010

Of the 107 breaches of unsecured PHI, 20 involve business associates (BAs), or nearly one out of every five. HITECH requires BAs to comply with the HIPAA Security Rule and the use and disclosures provision of the privacy rule.

For each entity, OCR lists the location of the breached information, and laptops took the top spot with an appearance in 34 of the 107 breaches (32%). “Paper records” is listed in 22 breaches, and “portable device” in 11 breaches.

Eleven of the entities on the website are listed as “private practice.” OCR has told HealthLeaders Media it will begin posting the names of entities they consider “individuals” regardless of whether or not those entities give consent; the Privacy Act of 1974 offers that “consent” protection. But OCR requested that not be applied here.

The breach affecting the most individuals is AvMed, Inc. of Florida, whose Dec. 10, 2009, breach involving a laptop affected 1.22 million individuals.

Filling out the top five breaches with the largest number of affected individuals are:

AvMed, Inc.
State: Florida


Approximate number of individuals affected: 1,220,000
Date of breach: Dec. 10, 2009
Type of breach: Theft
Location of beached information: Laptop


Blue Cross Blue Shield of Tennessee
State: Tennessee
Approximate number of individuals affected: 998,442
Date of breach: Oct. 2, 2009
Type of breach: Theft
Location of breached information: Hard drives

WellPoint, Inc.
State: Indiana
Approximate number of individuals affected: 480,000
Date of breach: (OCR says Nov. 3, 2010)
Type of Breach: Hacking/IT Incident
Location of Breached Information: Network Server

Affinity Health Plan, Inc.
State: New York
Approximate number of individuals affected: 344,579
Date of breach: Nov. 24, 2009
Type of breach: Other
Location of breached information: Other

Emergency Healthcare Physicians, Ltd.
State: Illinois
Business associate involved: Millennium Medical Management Resources, Inc.
Approximate number of individuals affected: 180,111
Date of breach: Feb. 27, 2010
Type of breach: Theft
Location of breached information: Portable electronic device, other

Dom Nicastro is a contributing writer. He edits the Medical Records Briefings newsletter and manages the HIPAA Update Blog.

Comments are moderated. Please be patient.




FREE e-Newsletters Join the Council Subscribe to HL magazine


100 Winners Circle Suite 300
Brentwood, TN 37027


About | Advertise | Terms of Use | Privacy Policy | Reprints/Permissions | Contact
© HealthLeaders Media 2015 a division of BLR All rights reserved.