Sutter Health breach includes medical diagnoses
HIM Connection, November 29, 2011
Want to receive articles like this one in your inbox? Subscribe to HIM Connection!
On November 16, Sutter Health in Sacramento, CA, reported on its website the theft of an unencrypted desktop computer which contained the records for more than 4.2 million patients. The computer was taken from the health system’s administrative offices the weekend of October 15.
Sutter Health said 3.3 million patients seen from 1995 to January 2011 under its Sutter Physician Services (SPS) umbrella were included in the computer’s database, which held the following information:
• Name
• Address
• Date of birth
• Phone number
• E-mail address (if provided)
• Medical record number
• Name of the patient’s health insurance plan
SPS provides billing and managed care services for healthcare providers with which it contracts, including facilities within the Sutter Health network.
Further, the desktop computer held information on approximately 943,000 Sutter Medical Foundation (SMF) patients treated from January 2005 to January 2011, including dates of services and descriptions of medical diagnoses and/or procedures used for business operations.
Because the data of SMF patients was broader in scope, Sutter Medical Foundation has begun the process of notifying these patients by mail. Patients should receive letters no later than December 5.
Read more on the HIPAA Update blog.
Want to receive articles like this one in your inbox? Subscribe to HIM Connection!
Related Products
-
HIPAA Handbook for Healthcare Staff
Train all of your staff members with this handbook and others in the 2009 HIPAA Handbook Series. Ensure they understand...
-
HIPAA Handbook for Coders, Billers and HIM Staff
Train all of your staff members with this handbook and others in the 2009 HIPAA Handbook Series. Ensure they understand...
-
Guide to HIPAA Auditing, Second Edition
This new edition of a best-selling book delivers the hands-on tools and guidance you need to conduct effective in-house...
-
The No-Hassle Guide to HIPAA Policies: A Privacy and Security Toolkit
HIPAA regulations require extensive documentation—likely more than you've done in the past. Changing the way you look...
-
The HIPAA and HITECH Toolkit
The HIPAA and HITECH Toolkit is a valuable resource that helps both CEs and BAs understand and meet the HITECH Act's...
Most Popular
- Articles
-
- Q/A: Volume requirement for reporting hydration services
- Featured blog post: Nurses face felony charges after reporting physician to the Texas Medical Board
- Catch up on what's new with injections and infusions
- Topic: CMS, OESS post new security compliance review information, checklist
- Capturing all necessary codes for IUD insertion and removal can be challenging
- What does case-mix index mean to you?
- QA:Coding multiple initial infusions
- News and briefs: Oklahoma Osteopathic Association against residency bill change
- HIPAA Q&A: Level of encryption needed for email
- OB services: Coding inside and outside of the package
- E-mailed
-
- Q/A: Volume requirement for reporting hydration services
- Featured blog post: Nurses face felony charges after reporting physician to the Texas Medical Board
- HIPAA Q&A: Level of encryption needed for email
- CMS has reformulated payments for some bilateral procedures
- Catch up on what's new with injections and infusions
- New conflicts of interest create new challenges
- Q/A. One injection code or two?
- What does case-mix index mean to you?
- Identify modifiable risk factors to prevent patient falls
- Hospitals are not bound by InterQual criteria for determining patient status
- Searched