The #1 cause of 166 HITECH breaches

96 of the 166 breaches (66%) involved theft. 58% of thefts involved laptops or computers.

As required by the HITECH Act, the Secretary of Health & Human Services must post a list of breaches of unsecured protected health information affecting 500 or more individuals. Since tracking began two years ago, 166 breaches impacting nearly 5 million patients have been reported.

Source:  http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/breachtool.html

The cost and damage to reputation can be severe. 

  • Avmed Health Plan had a laptop stolen. 1.2 million patients were notified.
  • BlueCross BlueShield of Tennessee lost 57 hard drives. 1 million patients were notified.
  • Affinity Health Plan returned leased copy machines with hard drives containing patient information. 345,000 patients were notified.
  • Emergency Healthcare Physicians Ltd. in suburban Chicago had a hard drive stolen at a billing service. 180,000 patients were notified.

If you take steps to properly encrypt desktops and laptops, you can take advantage of the ‘safe harbor’ provision within the regulation, and avoid the need to disclose a breach. 

Patients are a provider’s most valuable asset, and protecting them is a vital part of a successful operation. Donna Maassen, Director of Compliance, and Privacy & Security Officer for Extendicare Health Services, Inc., offers advice and steps you can immediately take to protect your patients and reputation. Download her white paper here.


Posted by Jennifer J. Clement