3 Breaches Added to Federal TallyTwo involved laptop theft
The Office for Civil Rights within the U.S. Department of Health and Human Services regularly updates on its Web site a list of organizations that have notified the Department of Health and Human Services about a breach of unsecured health information involving more than 500 individuals. Under the HITECH Act's breach notification rule, such incidents must be reported to HHS and the media within 60 days.
The three most recently added cases are:
Mount Sinai Medical Center
The Miami Beach hospital reported that on March 9, an unencrypted laptop computer containing hearing test information on about 2,600 newborns was stolen.
The information on the device included the parent's name, infant's name, infant's date of birth, medical record number and hearing test results. The hospital has notified all parents involved and "has increased the level of security provided for laptop computers and instituted additional measures to ensure that health information contained on portable computers and similar devices may only be accessed by authorized individuals," according to a statement.
As described earlier on HealthcareInfoSecurity.com, Griffin Hospital in Derby, Conn., reported a breach by a radiologist who apparently took information from the hospital, where he formerly worked, and used it to drum up business at another hospital.
Alabama physician practice
Hypertension, Nephrology, Dialysis and Transplantation PC of Opelika, Ala., reported a March 6 breach involving the theft of a laptop. The incident affected 2,024 individuals. The clinic declined to offer more details.