Georgetown Breach Added to the ListFederal tally of major incidents now totals 87
The federal list of breaches affecting more than 500 individuals, complied by the HHS Office for Civil Rights, now includes about 87 cases dating back to September, when the HITECH breach notification rule kicked in.
The hard drive, stolen in late March, contained information on more than 2,400 patients at Georgetown University Hospital. It was used as a back-up device for hospital information used to identify patients who are eligible to participate in research studies.
The device contained reports from the hospital's surgery department, including patient name, date of birth, gender, date of surgery, type of surgery or test and medical record number. The files did not include addresses, financial information or Social Security numbers.
The hospital is in the process of notifying all patients as required under HITECH. According to a hospital statement: "We are assessing our current procedures and adding processes and controls to ensure that we continue to use and disclose patient information only as permitted by law and in accordance with our Notice of Privacy Practices."