Feds Add 4 More Major Breaches to List

Each incident affects more than 500 individuals
Federal regulators have added four more breaches to the tally of major healthcare incidents, with 56 cases now reported since September 2009, when new federal reporting requirements kicked in.

Since Feb. 22, the Office for Civil Rights within the U.S. Department of Health and Human Services has been regularly updating on its Web site a list of organizations that have notified HHS about a breach of unsecured health information involving more than 500 individuals.

Under the HITECH Act's breach notification rule, such incidents must be reported to HHS and the media within 60 days. Smaller breaches must be reported to HHS annually.

New cases are added to the list as information is received and confirmed.

Newest cases

The four most recently added cases are:

University of Texas Medical Branch at Galveston

The organization notified 2,400 individuals that a former employee of a billing firm it had been using was arrested in unrelated identity theft cases.

The former employee of MedAssets Inc., Atlanta, was arrested and charged with using a stolen identity to gain employment with the firm, UTMB explained in a letter to patients. The billing worker also was charged in other unrelated instances of identity theft and credit card theft.

MedAssets determined that the individual had access to UTMB patients' accounts between July and October 2009. But UTMB reported that it was unaware of any evidence that any of its patients' information was misused. UTMB offered the affected patients identity theft protection paid for by MedAssets.

University Medical Center of Southern Nevada

The Las Vegas hospital reported an Oct. 31, 2009, incident involving the theft/unauthorized access of paper records affecting 5,103 individuals. Medical center officials provided sketchy details, saying they were "cooperating with the FBI on their investigation of this crime" which apparently involved someone making unauthorized copies of records.

"To enhance the protection of patient information, UMC employees are now required to enter a personal identification number on copy machines in patient areas so that photocopies can be tracked and audited," a spokesman said. The medical center is providing free credit monitoring to those who may have been affected. The hospital "sent notification letters to individuals who provided information to the hospital's trauma center on Oct. 31 or Nov. 1," a spokesman said.

Lee Memorial Health System

The integrated delivery system reported that a patient complained Jan. 29, 2010, about receiving a "change of address" postcard from the organization's Infectious Disease Specialists clinic in Fort Myers, Fla., a spokesman said. The patient was concerned that postal service employees could see that he was being treated at a clinic that treats infectious diseases.

Although the postcard contained no personal information about the patients, other than name and address, the organization notified federal officials about the mailing, sent to 3,800 patients.

As a result of the complaint, Lee Memorial will no longer communicate change of address information for its clinics and other sites via postcards, the spokesman said.

Laboratory Corp. of America

The lab company reported the theft of a laptop Feb. 12 at its Dynacare Northwest Inc. unit in Washington state. The breach affected 5,080. Company executives declined to provide further details.

About the Author

Howard Anderson


Former News Editor, ISMG

Anderson was news editor of Information Security Media Group and founding editor of HealthcareInfoSecurity and DataBreachToday. He has more than 40 years of journalism experience, with a focus on healthcare information technology issues. Before launching HealthcareInfoSecurity, he served as founding editor of Health Data Management magazine, where he worked for 17 years, and he served in leadership roles at several other healthcare magazines and newspapers.
