Health Information Management

Large patient information breach list nears century mark

HIM-HIPAA Insider, June 22, 2010

Want to receive articles like this one in your inbox? Subscribe to HIM-HIPAA Insider!

The Office for Civil Rights' (OCR) list of entities reporting major patient information breaches began at 32 about four months ago. It is now near 100.

The number of entities reporting breaches of unsecured PHI affecting 500 or more individuals has nearly tripled since the agency that enforces the HIPAA privacy and security rules first posted them on its website in February.
 
OCR posted a list of 32 entities that, since September 22, 2009, had reported the egregious breaches to OCR. On Friday, that number climbed to 93.
 
"I'm interested to see how long before we see over 100 entities listed," says Frank Ruelas, director of compliance and risk management at Maryvale Hospital and principal of HIPAA Boot Camp in Casa Grande, AZ. "The way things are looking, I expect the list to hit 100 by the end of June."
 
Ruelas says he's received many questions over the last couple of weeks about who bears the cost of notifications.
 
"My response is that before investing time (and money) in going down this very busy and curvy road, look at options to encrypt," he says. "It seems more and more that this is the best and probably easiest way to avoid breach notification-induced chest pain."
 
HITECH requires OCR to make public any breaches of 500 or more. OCR said on the site it will continue to update the page as it receives new reports of breaches of unsecured PHI.
 
Note: This article is excerpted from the HIPAA Update website. Visit regularly to stay on top of all HIPAA and HITECH privacy and security news and information.



Want to receive articles like this one in your inbox? Subscribe to HIM-HIPAA Insider!

Most Popular